Hello Bastian,
On 6/2/21 2:17 PM, Bastian Blank via mailop wrote:
On Wed, Jun 02, 2021 at 01:22:31PM +0200, Tim Düsterhus, WoltLab GmbH via
mailop wrote:
Mail is being sent with a 'MAIL FROM:<[email protected]>'
with the 'From:' containing an email address of the customer's custom
domain.
We're DKIM signing the emails using a key in the 'bounce.woltlab.cloud'
domain and add a 'Feedback-ID: customer_id:WCloud' header to all emails, in
an attempt to uniquely identify the customer in cases of spam reports.
So you produce third party signatures. You need to sign also with the
customer's domain if you want to have that in the From header.
I understand that this is important for DMARC alignment and in fact we
already support double-signing any outgoing emails for larger customers
that tend to generate more (email) traffic. However it comes with more
manual set-up on the customer's end, because we can't simply handle it
for them using the existing CNAME. This probably results in customers
not caring enough, because it's not visibly important to them. In any
case we are already planning to push this more.
However Google's documentation does not appear to clearly indicate that
this type of alignment is relevant for the Feedback Loop mechanism. It says:
In order to prevent spoofing of the Feedback-ID, the traffic being sent to
Gmail needs to be DKIM signed by a domain owned (or controlled) by the sender,
after the addition of this header. This domain should be added and verified to
the Gmail Postmaster Tools, so that the sender can access the FBL data.
And indeed the signature matches our domain we set up in Postmaster
Tools. We are seeing practically all information regarding that domain
(e.g. Spam Rate, IP and Domain Reputation, Encryption / Authentication
Status). The only thing that's empty is the Feedback Loop.
However it does not appear to be terribly useful if we had to set up all
the *customer* domains in *our* account in Postmaster Tools to be able
to access Feedback Loop identifiers that *we* set to protect the
reputation of *our* mail servers, especially since the MAIL FROM is a
domain of ours.
Can you clarify whether your reply was a general remark regarding our
setup or whether you know this is indeed a requirement to consume the
Feedback-ID with Google Postmaster Tools?
Best regards
Tim Düsterhus
Postmaster WoltLab GmbH
--
WoltLab GmbH
Nedlitzer Str. 27B
14469 Potsdam
Tel.: +49 331 96784338
[email protected]
www.woltlab.com
Managing director:
Marcel Werk
AG Potsdam HRB 26795 P
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
