I'd suggest that reliance upon ADSP is unwise as - having being reclassified as historic - it could stop working at any time without warning. A better option might be to sign your reports with the DKIM signature of the reporting domain (i.e. sign with example.eu instead of example.com in your obscured example).
- Roland ________________________________ From: dmarc-discuss <[email protected]> on behalf of SheridanJ West via dmarc-discuss <[email protected]> Sent: Wednesday, 1 February 2017 00:53 Cc: [email protected] Subject: Re: [dmarc-discuss] opendkim-atpszone reproducibility and examples i appear to need atps records for google this is with atps dns text records and probably others opendmarc-reports: sent report for gmail.com<http://gmail.com> to [email protected]<mailto:[email protected]> (2.0.0 Ok: queued as x1) Gmail<http://gmail.com/> gmail.com Gmail is email that's intuitive, efficient, and useful. 15 GB of storage, less spam, and mobile access. postfix/smtp[28130]: x2: to=<[email protected]<mailto:[email protected]>>, relay=aspmx.l.google.com<http://aspmx.l.google.com>[66.102.1.26]:25, delay=0.87, delays=0.13/0.01/0.25/0.48, dsn=2.0.0, status=sent (250 2.0.0 OK xx xx - gsmtp) without atps [results i got from last week] postfix/smtp[5820]: x0: to=<[email protected]<mailto:[email protected]>>, relay=aspmx.l.google.com<http://aspmx.l.google.com>[74.125.71.26]:25, delay=1.1, delays=0.13/0.01/0.49/0.43, dsn=5.7.1, status=bounced (host aspmx.l.google.com<http://aspmx.l.google.com>[74.125.71.26] said: 550-5.7.1 Unauthenticated email from example.eu<http://example.eu> is not accepted due to 550-5.7.1 domain's DMARC policy. Please contact the administrator of 550-5.7.1 example.eu<http://example.eu> domain if this was a legitimate mail. I used (appears to work) dns records _adsp._domainkey.example.eu<http://domainkey.example.eu>. "dkim=all atps=y; asl=example.com<http://example.com>;" <sha1 of example.com<http://example.com>>._atps.example.eu<http://atps.example.eu>. "v=atps01; d=example.com<http://example.com>;" not work (or tried yet) the content made by openmarc-atpszone v=ATPS1; d=example.net<http://example.net> The windows version appears to be the winner for syntax of atps. although i can get sha1 domain name hashes from both with. opendkim-atpszone -h sha1 -u example.com<http://example.com> -A example.net<http://example.net> So most of opendkim-atpszone is best ignored it appears On Tue, Jan 31, 2017 at 2:17 PM, Juri Haberland via dmarc-discuss <[email protected]<mailto:[email protected]>> wrote: SheridanJ West via dmarc-discuss wrote: > I encountered a opendmarc bug that required adsp records as well to send > dmarc reports and i had a fun time trying to reproduce the output for i do > not know how long the url i mention will last. > Is nearly the same but I am confused - is the web parser right and the > opendkim-atpszone command wrong? with v=ATPS1 > I ask as this affects only dmarc reports (no i do not run > example.com<http://example.com>) our > normal email is sent ok Even though this is not an OpenDMARC specific mailing list but a generic DMARC discussion list, can you be a bit more specific in which way OpenDMARC reports are affected by the differing output of the webtool vs. opendkim-atpszone? Juri _______________________________________________ dmarc-discuss mailing list [email protected]<mailto:[email protected]> http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
