Hi Ashok,

The most likely explanation is that someone @mpipe.net is sending email *to* 
someone that has an email box with an MX of gator4006.hostgator.com 
(192.185.4.17).  That server receives the email message and then forwards it on 
to the recipient's mailbox. This is a very common practice, and it looks to the 
final recipient as if 192.185.4.17 is sending mail from your domain. 
Technically, it is, but forwards are an edge case that the recipient's mail 
server knows about and decided to pass anyway, despite the DMARC failure.

Matt

On Feb 19, 2014, at 8:33 AM, Dorai Ashok S A <[email protected]> wrote:

> Hi,
> 
> In the last few months, I have noticed a few unauthorized email messages 
> being accepted even though DMARC and SPF checks fail. In the DMARC report, 
> reason is mentioned as "forwarded". I have searched around a lot on this and I 
> haven't been able to find a solution. Hence trying to seek some help here.
> 
> Could someone explain what "forwarded" means when DMARC policy is "reject"? 
> And how do I enforce the "reject" policy in such cases?
> 
> I have listed down the information I have in the DMARC report below for your 
> reference,
> 
> Policy Published:
> 
>  <policy_published>
>    <domain>mpipe.net</domain>
>    <adkim>s</adkim>
>    <aspf>s</aspf>
>    <p>reject</p>
>    <sp>reject</sp>
>    <pct>100</pct>
>  </policy_published>
> 
> Record:
> 
>  <record>
>    <row>
>      <source_ip>192.185.4.17</source_ip>
>      <count>1</count>
>      <policy_evaluated>
>        <disposition>none</disposition>
>        <dkim>fail</dkim>
>        <spf>fail</spf>
>        <reason>
>          <type>forwarded</type>
>          <comment></comment>
>        </reason>
>      </policy_evaluated>
>    </row>
>    <identifiers>
>      <header_from>mpipe.net</header_from>
>    </identifiers>
>    <auth_results>
>      <spf>
>        <domain>mpipe.net</domain>
>        <result>fail</result>
>      </spf>
>    </auth_results>
>  </record>
> 
> NOTE: 192.185.4.17 is an *Unauthorized* sender.
> 
> Regards,
> -Ashok.
> 
> _______________________________________________
> dmarc-discuss mailing list
> [email protected]
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
> 
> NOTE: Participating in this list means you agree to the DMARC Note Well terms 
> (http://www.dmarc.org/note_well.html)
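
The situation discussed in this thread can be picked out of an aggregate report automatically. The following is an added example, not code from either poster: a hypothetical `find_overrides` function that lists rows where DKIM and SPF both failed but the receiver applied a weaker disposition than the published policy, together with the override reason it reported. It assumes a report without an XML namespace; the sample wraps the fragments quoted above in a `<feedback>` root and adds one constructed passing row.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the policy and record quoted in the thread, wrapped in a
# <feedback> root, plus one constructed passing row (documentation address).
SAMPLE_REPORT = """<feedback>
  <policy_published>
    <domain>mpipe.net</domain><adkim>s</adkim><aspf>s</aspf>
    <p>reject</p><sp>reject</sp><pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>192.185.4.17</source_ip><count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>fail</dkim><spf>fail</spf>
        <reason><type>forwarded</type><comment></comment></reason>
      </policy_evaluated>
    </row>
    <identifiers><header_from>mpipe.net</header_from></identifiers>
  </record>
  <record>
    <row>
      <source_ip>203.0.113.10</source_ip><count>12</count>
      <policy_evaluated>
        <disposition>none</disposition><dkim>pass</dkim><spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers><header_from>mpipe.net</header_from></identifiers>
  </record>
</feedback>"""

STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}

def find_overrides(report_xml):
    """Rows that failed DMARC yet received a weaker disposition than published."""
    root = ET.fromstring(report_xml)
    published = (root.findtext("policy_published/p") or "none").strip()
    hits = []
    for row in root.iter("row"):
        for ev in row.findall("policy_evaluated"):
            # DMARC fails only when both the DKIM and SPF evaluations fail.
            failed = ev.findtext("dkim") == "fail" and ev.findtext("spf") == "fail"
            applied = (ev.findtext("disposition") or "none").strip()
            if failed and STRENGTH.get(applied, 0) < STRENGTH.get(published, 0):
                hits.append({"source_ip": row.findtext("source_ip"),
                             "count": int(row.findtext("count") or 0),
                             "published": published, "applied": applied,
                             "reasons": [r.findtext("type") for r in ev.findall("reason")]})
    return hits
```

Aggregate reports arrive from third parties, so a production parser should treat the XML as untrusted input.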

