On Apr 27, 2014, at 1:45 PM, Paul Scott <[email protected]> wrote: > Okay, I have implemented DKIM on the postfix mail server, and all of the > issues I was reporting have been resolved. > > I apologize for denigrating DMARC and am chagrined at my failure to RTFM and > implement DKIM. > > But most of all, a big THANK YOU to Franck and other responders for setting > me on the right path. > > Paul > > > On Apr 26, 2014, at 9:58 PM, Franck Martin <[email protected]> wrote: > >> Paul, >> >> To me it seems because your mail server breaks DKIM when forwarding. DMARC >> relies on DKIM not getting broken in your scenario. >> >> Here what I propose you. >> 1) open an email account at gmail >> 2) open an email account at yahoo >> 3) acquire a private domain and get it to relay all mails to the yahoo >> account >> 4) send an email from the gmail account to the private domain >> 5) check the authentication results on the email you received at gmail >> 6) see that DKIM was broken >> 7) fix your mail server until DKIM does not break >> >> If you tell us what mail server you use to forward, may be we can point you >> to some information on how to preserve DKIM.
Dear Paul and Franck, Skycoast.us is using a DMARC p=reject with users sending to a mailing list. Really? I also see spf is checked for PRA and mailfrom and both DMARC and ADSP policies exchanged. The number of times spf macros run increases DDoS concerns related to macro expansion modulated by local-parts or subdomain labels. In the end, this still fails with most mailing-lists. FWIW, it may not be a surprise these messages were not handled per DMARC, but instead placed in a spam folder. The collection of errant messages is growing based on ignored failures. Is that the expected mode of operation? I will be cleaning up an old draft able to solve this noise source and unshackle users by adding a single DNS transaction. Anyone interested? Regards, Douglas Otis _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
