On 12/24/2016 11:12 AM, John Levine wrote: >> My interpretation of this is that the host at 209.17.115.53 (NOT my >> SMTP host) sent a DKIM-signed email to Google with a spoofed From: >> domain matching mine. >> >> <policy_evaluated> >> <disposition>none</disposition> >> <dkim>pass</dkim> >> <spf>fail</spf> >> </policy_evaluated> >> >> How did the DKIM signature 'pass'? What does the disposition=none >> mean? Did Google not reject the email? > > It means the message had *your* signature. Unless you have the > world's worst crypto security, this means you sent a message to > someone who forwarded it to a mailbox at Gmail. > > When you looked at your outgoing mail logs for mail you sent yesterday > to MTAs in the IP range 209.17.112.0/21, which is one of web.com's > hosting farms, what did you find?
My mail logs show no outgoing connections to any IP address in 209.17.0.0/16. My server is very low volume (handles my personal mail only). Here's the list of outgoing connections for the last several days: Num IP Host --- -------------- -------------------------------------------- 1 108.166.43.1 mx1.emailsrvr.com 3 129.6.100.200 ns1.had-pilot.biz 1 173.194.204.26 gmail-smtp-in.l.google.com 2 173.194.204.27 gmail-smtp-in.l.google.com 1 173.194.68.27 gmail-smtp-in.l.google.com 1 206.188.198.64 inbound.designtech.com.netsolmail.net 1 207.46.163.138 providence-org.mail.protection.outlook.com 1 207.46.163.42 oregoncarepartners-com.mail.protection.outlook.com 4 208.69.40.156 dragon.trusteddomain.org 1 209.85.201.26 gmail-smtp-in.l.google.com 1 213.199.154.202 ginmo-es.mail.protection.outlook.com 1 213.199.154.234 ginmo-es.mail.protection.outlook.com 1 66.196.118.36 mta6.am0.yahoodns.net 1 68.178.213.203 smtp.secureserver.net 1 72.167.238.29 smtp.secureserver.net 1 74.125.192.26 gmail-smtp-in.l.google.com 1 98.136.217.203 mta7.am0.yahoodns.net 1 98.138.112.37 mta7.am0.yahoodns.net -- Jim Garrison ([email protected]) PGP Keys at http://www.jhmg.net RSA 0x04B73B7F DH 0x70738D88 _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
