On Mon, Dec 5, 2016, at 16:20, Steve Atkins via dmarc-discuss wrote: > > > On Dec 5, 2016, at 1:32 PM, Denis Salicetti via dmarc-discuss > > <[email protected]> wrote: > > > > Hi Guys, > > I am having a strange behaviour with Google Calendar. > > > > Since I decided to set p=reject to my domain (galeati.it), every time I > > share a calendar with another user, Google notification (attached) gets > > rebounded immediately. I think this should not happen because my SPF record > > include: _spf.google.com ~all > > > > Any suggestions? > > Mail from within Google to other places within Google may not cross the > external, non-ten-dot internet at all - and so cannot comply with your > SPF requirement. From your forwarded error that looks like it may be > what's happening. > > Should that cause a DMARC failure? Probably, yes. This may not be a good > domain to publish a DMARC p=reject message for. > > The only people who can fix it (other than you by removing your DMARC > records) are probably Google support, given they're your vendor for both > the sender and the recipient.
Oh shoot, I missed the TXT file. Okay, looking at the headers: From: [email protected] DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=galeati.it; s=google; That looks like message did get DKIM signed and is aligned to the From header, so shouldn't that be enough to pass DMARC in this case, even if SPF fails? I agree that this should be fixed within Google, but if I were Google, I might also include all of my internal IPs in my internal representation of "_spf.google.com". Also something only Google could address, of course :) _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
