Thanks, I assumed this was an issue, but our vendor who controls our DKIM (Sophos) addded the record and we have no control over it. I am going to have our network team contact them and get this fixed.
From: mailop <mailop-boun...@mailop.org> On Behalf Of Alan Hodgson via mailop Sent: Friday, June 16, 2023 4:57 PM To: mailop@mailop.org Subject: [EXT] - Re: [mailop] Dkim fails, success on same email? On Fri, 2023-06-16 at 18:05 +0000, Salvatore Jr Walter P via mailop wrote: Getting reports back from several ISPs like the one below. It shows dkim failing for the IP, but successful for the domain? The domain “mail-dkim-us-west-2.prod.hydra.sophos.com” uses multiple IPs, One of which is “198.154.181.72”. We do receive failures on all other IPs as well. Is this an actual issue or something we can ignore? <record> <row> <source_ip>198.154.181.72</source_ip> <count>1</count> <policy_evaluated> <disposition>none</disposition> <dkim>fail</dkim> <spf>pass</spf> </policy_evaluated> </row> <identifiers> <header_from>warwickri.gov</header_from> </identifiers> <auth_results> <dkim> <domain>mail-dkim-us-west-2.prod.hydra.sophos.com</domain> <selector>v1</selector> <result>pass</result> </dkim> <spf> <domain>warwickri.gov</domain> <result>pass</result> </spf> </auth_results> </record> It appears you're DKIM-signing it, but not with an identifier aligned with your From: domain. So DKIM passes but not in a way that satisfies DMARC. It passed DMARC only because it passes SPF. You should add a DKIM signature from a domain aligned with your From: domain.
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
