Hello,
in July 2013 I came up with message from <newsletter at
service3.zalando-lounge.de>.
These message fail the DMARC test but google for example let them pass.
see http://www.dmarc.org/pipermail/dmarc-discuss/2013-July/002048.html
As the issue remain unsolved I now have to deal with the same problem again.
I think, it's an issue in opendmarc. I was able to simplify message
and config to bare minimum:
---- messagefile --
Return-Path: <[email protected]>
Authentication-Results: mail.example.org;
dkim=pass header.d=service3.zalando-lounge.de
[email protected] header.b=foobar
Authentication-Results: mail.example.org;
spf=pass smtp.mailfrom=<[email protected]>
smtp.helo=pmta43120.emarsys.net
From: <[email protected]>
Date: Fri, 24 Jan 2014 05:08:06 +0100
messagebody
----
---- opendmarc.conf --
AuthservID mail.example.org
RejectFailures yes
----
$ opendmarc -c opendmarc.conf -t messagefile -vv
opendmarc: mlfi_connect() returned SMFIS_CONTINUE
opendmarc: messagefile: mlfi_envfrom() returned SMFIS_CONTINUE
opendmarc: messagefile: line 1: mlfi_header() returned SMFIS_CONTINUE
opendmarc: messagefile: line 2: mlfi_header() returned SMFIS_CONTINUE
opendmarc: messagefile: line 4: mlfi_header() returned SMFIS_CONTINUE
opendmarc: messagefile: line 6: mlfi_header() returned SMFIS_CONTINUE
opendmarc: messagefile: line 7: mlfi_header() returned SMFIS_CONTINUE
### INSHEADER: idx=1 hname='Authentication-Results'
hvalue='mail.example.org; dmarc=pass
header.from=service3.zalando-lounge.de'
opendmarc: messagefile: mlfi_eom() returned SMFIS_ACCEPT
opendmarc: mlfi_close() returned SMFIS_CONTINUE
-.> dmarc=pass, message accepted -> FINE :-)
But I usually load the publicsuffixlist from http://publicsuffix.org/
$ wget -q http://publicsuffix.org/list/effective_tld_names.dat
$ echo 'PublicSuffixList /path/to/effective_tld_names.dat' >> opendmarc.conf
Now it looks different:
$ opendmarc -c opendmarc.conf -t messagefile -vv
opendmarc: mlfi_connect() returned SMFIS_CONTINUE
opendmarc: messagefile: mlfi_envfrom() returned SMFIS_CONTINUE
opendmarc: messagefile: line 1: mlfi_header() returned SMFIS_CONTINUE
opendmarc: messagefile: line 2: mlfi_header() returned SMFIS_CONTINUE
opendmarc: messagefile: line 4: mlfi_header() returned SMFIS_CONTINUE
opendmarc: messagefile: line 6: mlfi_header() returned SMFIS_CONTINUE
opendmarc: messagefile: line 7: mlfi_header() returned SMFIS_CONTINUE
### SETREPLY: rcode='550' xcode='5.7.1' replytxt='rejected by DMARC
policy for service3.zalando-lounge.de'
opendmarc: messagefile: mlfi_eom() returned SMFIS_REJECT
opendmarc: mlfi_close() returned SMFIS_CONTINUE
-> DMARC fail, message is rejected.
As someone found in July, there is no DMARC record for
zalando-lounge.de but only for service3.zalando-lounge.de
see https://dmarcian.com/dmarc-inspector/service3.zalando-lounge.de
I know a batch of other domains behaving the same manner:
- infoservice.sky.de
- reply.dashoefer.de
- reply.deutschlandcard.de
- reply.hoerhelfer.de
- emailnews.friendscout24.de
Most of them are operated by emarsys-eMarketing, but also other.
Common to all of them: the SLD do not provide a DMARC record. Only the
subdomain do.
DMARC test fail if PublicSuffixList is active.
I hope this detailed information help to identify and hopefully fix
the problem.
Thanks
Andreas
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
