>My interpretation of this is that the host at 209.17.115.53 (NOT my >SMTP host) sent a DKIM-signed email to Google with a spoofed From: >domain matching mine. > > <policy_evaluated> > <disposition>none</disposition> > <dkim>pass</dkim> > <spf>fail</spf> > </policy_evaluated> > >How did the DKIM signature 'pass'? What does the disposition=none >mean? Did Google not reject the email?
It means the message had *your* signature. Unless you have the world's worst crypto security, this means you sent a message to someone who forwarded it to a mailbox at Gmail. When you looked at your outgoing mail logs for mail you sent yesterday to MTAs in the IP range 209.17.112.0/21, which is one of web.com's hosting farms, what did you find? R's, John _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
