[TBird goofy URL-ification of everything left intact because I'm too lazy to fix someone else's MUA garbage]

On 26 Apr 2021, at 9:13, Jeff Abrahamson wrote:

ARC-Authentication-Results: i=1; [mx.google.com](<http://mx.google.com>); dkim=pass header.i=@[p27.eu](<http://p27.eu>) header.s=mail header.b=mQXXt3xe;

Google confirms that there's a good DKIM signature by/for p27.eu.

spf=neutral ([google.com](<http://google.com>): 217.72.192.73 is neither permitted nor denied by best guess record for domain of [[email protected]](<mailto:[email protected]>)) smtp.mailfrom=[[email protected]](<mailto:[email protected]>);

Kinky. 1&1 seems to be replacing the original envelope sender with the intermediate address. That should be fun for bounces... In any case, SPF fails to verify because that domain has no SPF record.

dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=[mobilitains.fr](<http://mobilitains.fr>)

Google is expecting DMARC alignment with mobilitains.fr, the domain in the From header. That is the ONLY way DMARC can succeed because the forwarding breaks SPF, as it would always be expected to do even if they didn't rewrite the envelope sender. There is no alignment, so DMARC fails.

[...]
Received-SPF: neutral ([google.com](<http://google.com>): 217.72.192.73 is neither permitted nor denied by best guess record for domain of [[email protected]](<mailto:[email protected]>)) client-ip=217.72.192.73;
Authentication-Results: [mx.google.com](<http://mx.google.com>); dkim=pass header.i=@[p27.eu](<http://p27.eu>) header.s=mail header.b=mQXXt3xe; spf=neutral ([google.com](<http://google.com>): 217.72.192.73 is neither permitted nor denied by best guess record for domain of [[email protected]](<mailto:[email protected]>)) smtp.mailfrom=[[email protected]](<mailto:[email protected]>); dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=[mobilitains.fr](<http://mobilitains.fr>)

The same thing in the form of a Received-SPF header.

Received: from [217.72.192.67] ([217.72.192.67]) by [mx.kundenserver.de](<http://mx.kundenserver.de>) (mxeue110 [217.72.192.67]) with ESMTPS (Nemesis) id 1Mkoav-1lvFYR407T-00mIMK for <[[email protected]](<mailto:[email protected]>)>; Wed, 21 Apr 2021 12:28:05 +0200
Received: from [nantes-m1.p27.eu](<http://nantes-m1.p27.eu>) ([172.105.247.37]) by [mx.kundenserver.de](<http://mx.kundenserver.de>) (mxeue110 [217.72.192.67]) with ESMTPS (Nemesis) id 1MJU9W-1lFHn23zxY-00JsAh for <[[email protected]](<mailto:[email protected]>)>; Wed, 21 Apr 2021 12:28:04 +0200
Received: from [192.168.1.35] ([176-139-184-203.abo.bbox.fr](<http://176-139-184-203.abo.bbox.fr>) [176.139.184.203]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: [[email protected]](<mailto:[email protected]>)) by [nantes-m1.p27.eu](<http://nantes-m1.p27.eu>) (Postfix) with ESMTPSA id 37F1AA148D; Wed, 21 Apr 2021 10:28:04 +0000 (UTC)

So apparently the reason DMARC works when sending straight to GMail is that the smtp.mailfrom and header.from align at mobilitains.fr, so SPF achieves DMARC alignment (using Google's 'best guess' tactic, as nantes-m1.p27.eu is an MX) where DKIM does not.


DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=[p27.eu](<http://p27.eu>); s=mail; t=1619000884; bh=cgbJn61eT58DYGGnJ+KiFz0hVfhG2B9PPsSj7PWJcmA=; h=Date:Subject:From:To:CC; b=mQXXt3xeT5/lLgnrBRhKpGn4BspBQv7xH7azTepVckHOKDtSm+wjPJHYp9zJ/XCMo
             VKwY2/nVojhyZZN1jlO9X81++485rqxuTxPZMlUKtFxcUhIML1cA2cd8gOdtRsZiVt
             7F9YswqymNrUkNx6YBX8/EigYj71MjeFidOYSVOcLD2XgHZCfh6Y9XaADu8ISBJlRo
             n8APKzaDP2YOwdxNOTve7NH2N7/LDgVJIWEeEj9HTaJeztkx+fVnmpx+xlAK0NoTQ0
             STgz5ZQozL6y80RXW9fF2p4K9MwxffordnEgQLGuFWtIujwg8abIM+WjM+C1vnflYh
             CcxvkmEFozsAw==

This perfectly valid signature is useless for DMARC unless the From header address is in p27.eu.




--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
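
The alignment check this message walks through, as an added example that is not part of the original post: it parses an Authentication-Results value and applies relaxed DMARC alignment to the SPF and DKIM results. The mailbox addresses are obscured on the page, so `bounce@forwarder.example` and `sender@mobilitains.fr` are constructed placeholders, and the organizational domain is assumed to be the last two labels rather than taken from the Public Suffix List.

```python
import re

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real verifiers
    # use the Public Suffix List, which this shortcut does not replace.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_authres(value):
    """Yield (method, result, {property: value}) per result clause."""
    value = re.sub(r"\([^()]*\)", " ", value)      # strip (comments)
    for clause in value.split(";")[1:]:            # [0] is the authserv-id
        m = re.match(r"\s*(\w+)=(\w+)(.*)", clause, re.S)
        if m:
            props = dict(re.findall(r"([\w.]+)=(\S+)", m.group(3)))
            yield m.group(1).lower(), m.group(2).lower(), props

def dmarc_eval(authres, header_from):
    """Relaxed alignment: pass only if SPF or DKIM passes for a domain
    sharing the From header's organizational domain."""
    want = org_domain(header_from.rpartition("@")[2])
    checks = []
    for method, result, props in parse_authres(authres):
        if method == "spf":
            ident = props.get("smtp.mailfrom", "")
        elif method == "dkim":   # header.i as on this page; header.d also common
            ident = props.get("header.d") or props.get("header.i", "")
        else:
            continue
        dom = ident.rpartition("@")[2]
        checks.append((method, result, dom, bool(dom) and org_domain(dom) == want))
    verdict = "pass" if any(r == "pass" and a for _, r, _, a in checks) else "fail"
    return verdict, checks

# Constructed samples. The addresses are obscured on the page, so
# bounce@forwarder.example and sender@mobilitains.fr are placeholders.
FORWARDED = ("mx.google.com; dkim=pass header.i=@p27.eu header.s=mail "
             "header.b=mQXXt3xe; spf=neutral (google.com: 217.72.192.73 is "
             "neither permitted nor denied by best guess record for domain of "
             "bounce@forwarder.example) smtp.mailfrom=bounce@forwarder.example")
DIRECT = ("mx.google.com; dkim=pass header.i=@p27.eu header.s=mail "
          "header.b=mQXXt3xe; spf=pass (google.com: best guess record) "
          "smtp.mailfrom=sender@mobilitains.fr")

if __name__ == "__main__":
    for name, hdr in (("forwarded", FORWARDED), ("direct", DIRECT)):
        print(name, dmarc_eval(hdr, "mobilitains.fr"))
```

Evaluating `FORWARDED` against a From address in p27.eu instead returns a pass, because the DKIM signing domain then aligns.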
