On Mon, Dec 5, 2016, at 16:57, Steve Atkins via dmarc-discuss wrote: > > > On Dec 5, 2016, at 4:36 PM, Dave Warren via dmarc-discuss > > <dmarc-discuss@dmarc.org> wrote: > > > > On Mon, Dec 5, 2016, at 16:20, Steve Atkins via dmarc-discuss wrote: > >> > >> Mail from within Google to other places within Google may not cross the > >> external, non-ten-dot internet at all - and so cannot comply with your > >> SPF requirement. From your forwarded error that looks like it may be > >> what's happening. > >> > >> Should that cause a DMARC failure? Probably, yes. This may not be a good > >> domain to publish a DMARC p=reject message for. > >> > >> The only people who can fix it (other than you by removing your DMARC > >> records) are probably Google support, given they're your vendor for both > >> the sender and the recipient. > > > > Oh shoot, I missed the TXT file. Okay, looking at the headers: > > > > From: denis.salice...@galeati.it > > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; > > d=galeati.it; s=google; > > > > That looks like message did get DKIM signed and is aligned to the From > > header, so shouldn't that be enough to pass DMARC in this case, even if > > SPF fails? > > Should be, assuming it's a valid signature (and there's no reason to > think it isn't). > > *But* in this case, the lack of Authentication-Results header makes me suspect > DKIM may be checked at an external MX that this internal-only message didn't > go through, leading to an authentication failure that parallels the SPF > one.
I had the same thought, but, the attached bounce wouldn't necessarily have an Authentication-Results header yet if the message is rejected by the server that should be responsible for adding said header. Either way, it's all on Google, hopefully their customer support will be competent. _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)