Re: [dmarc-discuss] A bit quiet?

Thu, 27 Oct 2016 13:54:03 -0700 

> On Oct 26, 2016, at 8:56 PM, Roland Turner via dmarc-discuss 
> <dmarc-discuss@dmarc.org> wrote:
> 
> Payne, John wrote:
> 
> > Yeah, but why are they showing up in _my_ DMARC reports?
> ...
> > Domain  MAIL FROM       DKIM domain     SPF Auth        DKIM Auth       
> > Total
> > akamai.com oppa.com.br oppa-com-br.20150623.gappssmtp.com Pass  Pass    237
> 
> oppa.com.br has a syntactically invalid SPF record, so it's odd that it's 
> passing at all. You didn't show which IP address the reporter saw this stream 
> coming from: were they forwarded in your environment with their DKIM 
> signatures intact?

That was just a random example.   The IPs are all Google.  These are not 
forwarded within my environment.


First couple from literally thousands of Google IPs:
IP      PTR Name        SBRS    Country DMARC Fail %    DMARC Fail      Total
2607:f8b0:4003:c06::247 mail-oi0-x247.google.com (IPv6)         99.96%  2,847   
2,848
2607:f8b0:4003:c06::245 mail-oi0-x245.google.com (IPv6)         99.96%  2,792   
2,793
2607:f8b0:4003:c06::246 mail-oi0-x246.google.com (IPv6)         100.00% 2,769   
2,769
2607:f8b0:4003:c06::248 mail-oi0-x248.google.com (IPv6)         99.96%  2,673   
2,674


Drilling into that first one and again, just taking the first couple because 
it’s just more of the same with many different domains:

Domain  MAIL FROM       DKIM domain     SPF Auth        DKIM Auth       Total
akamai.com      kohls.com       kohls-com.20150623.gappssmtp.com        Pass    
Pass    369
akamai.com      stickyads.tv    stickyads.tv    Pass    Pass    256
akamai.com      jforce.com.tw   jforce-com-tw.20150623.gappssmtp.com    Pass    
Pass    238
akamai.com      ziffdavis.com   ziffdavis-com.20150623.gappssmtp.com    Pass    
Pass    205



There are no RUFs generated, only RUAs.

As an example of why this is a problem for me… Yesterday out of 53,078 DMARC 
failures, 49,101 were from Google IP space.  I can’t even find the 4,000 other 
failures amongst all the Google ones to see if they’re things I need to worry 
about or not!

I’d love to understand either why I’m so special in this regard, or if I’m not 
how others are dealing with this.   We do use Google Apps (just not mail), and 
a lot of our customers are Google mail customers, so I really don’t want to ask 
Agari to filter out reports from Google - but I’m at my wits end with this.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Reply via email to