Hi Tim,
I understand that the receivers are free to apply whatever policy they
want. However, in line with DMARC, I would expect receivers to follow
some guidelines. I am really interested in these guidelines so that I
can configure my mail server correctly.
In this particular case, I was able to confirm that the email didn't
originate from @mpipe.net. So, it was an unsolicited email.
I understand from your response that the receiver giving a reason
"forwarder" is kind of like a special case which they want to handle
correctly. Although, I wish DMARC provided some way of saying, no
special cases. After all, senders do get a failure message when the
email gets rejected at the SMTP layer due to DMARC.
Is there a way of saying no special cases in DMARC ?
Regards,
-Ashok.
On 02/19/2014 11:11 PM, Tim Draegen wrote:
Hi -Ashok.,
The "forwarded" reason is supposed to mean Why your requested policy was not
applied.
This is typically used when a receiver knows that email is coming in from a
service that people use to scan/clean... or forward.. email.
Keep in mind that email Receivers will always be free to apply whatever policy
they want. In your case, the receiver has added an exception for that specific
server because, from their perspective, legitimate email is flowing in to their
infrastructure from that server (even though authentication is being broken).
If they didn't apply this exception, then legitimate email would fail to be
delivered, and likely incur support costs.
HTH,
=- Tim
PS. I don't think you can do anything, except if you have evidence that the
server is NOT a forwarder.
On Feb 19, 2014, at 8:33 AM, Dorai Ashok S A <[email protected]> wrote:
Hi,
In the last few months, I have noticed a few unauthorized email messages being accepted
even though DMARC and SPF checks fail. In the DMARC report, reason is mentioned as
"forwarded". I have search around a lot on this and I haven't been able to find
a solution. Hence trying to seek some help here.
Could someone explain what "forwarded" means when DMARC policy is "reject" ? and How do i
enforce the "reject" policy in such cases ?
I have listed down the information I have in the DMARC report below for your
reference,
Policy Published:
<policy_published>
<domain>mpipe.net</domain>
<adkim>s</adkim>
<aspf>s</aspf>
<p>reject</p>
<sp>reject</sp>
<pct>100</pct>
</policy_published>
Record:
<record>
<row>
<source_ip>192.185.4.17</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
<reason>
<type>forwarded</type>
<comment></comment>
</reason>
</policy_evaluated>
</row>
<identifiers>
<header_from>mpipe.net</header_from>
</identifiers>
<auth_results>
<spf>
<domain>mpipe.net</domain>
<result>fail</result>
</spf>
</auth_results>
</record>
NOTE: 192.185.4.17 is an *Unauthorized* sender.
Regards,
-Ashok.
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
