from:"Matthäus Wander via dmarc\-discuss"

Re: [dmarc-discuss] DMARC Aggregate Reports

2022-02-17 Thread Matthäus Wander via dmarc-discuss


John Dutfield via dmarc-discuss wrote on 2022-02-17 10:22:

What does a missing envelope address in the XML reports indicate?


It depends on whether the field is missing entirely, or whether it has 
an empty value .


A missing  usually indicates that the reporter uses an 
old report format and omits reporting the envelope from address. This 
old format can be recognized by having no  field.


An empty  usually indicates a report 
about a bounce, i.e., a message sent with a null envelope MAIL FROM: <>.


When reviewing the reports there are lot reports that do not include the 
envelope address, are these an indicator that the emails where forwarded 
or undeliverable messages?


No.

Regards,
Matt
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] Use of in DMARC aggregate reports

2021-12-19 Thread Matthäus Wander via dmarc-discuss


Maarten Oelering via dmarc-discuss wrote on 2021-12-02 13:34:

We see many aggregate reports where  is a subdomain 
which does not publish a DMARC record. The DMARC record is on the organisation domain.

[...]

It’s so widespread it looks like some DMARC reporting software is broken. In one of the 
reports I saw "X-Mailer: opendmarc-reports v1.3.2".

Do others notice this as well? And how do you treat these reports, drop them or 
fix them?


Now that you mention it: yes, we're seeing a lot of these.

We just ignore it. Dropping seems a bit excessive for what I consider a 
minor error.
I've noticed other inconsistencies or discrepancies from the XML Schema 
by looking at lots of reports. To me it's not worth to chase each of them.


Regards,
Matt
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] Drop or No Google DMARC reports

2021-10-07 Thread Matthäus Wander via dmarc-discuss


Ivan Kovachev via dmarc-discuss wrote on 2021-10-04 16:58:

Has any one recently seen a drop or no DMARC reports at all on a particular day 
being sent from Google?

For example, on the 1st October there were no DMARC reports sent to us to 
backfill the 30th September. Has anyone else got this?


Same here. No reports from Google for Sep 30.
Also, nothing since Oct 03.

Regards,
Matt
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] Multiple copies of single DMARC report from Google

2021-07-08 Thread Matthäus Wander via dmarc-discuss


Douglas Fraser via dmarc-discuss wrote on 2021-07-08 18:39:
I have looked in this list's archives and searched the Net for an 
answer, but can't find it - I am getting multiple copies of a DMARC 
report from Google nearly every day. I forget when this started, I just 
ignored it - the attached reports are always copies of the first one, so 
I'd look at one and delete the rest. No problems otherwise with 
DMARC/DKIM/SPF/etc.


I'm experiencing the same behavior with different domains and different 
mail servers, getting 1 to 6 identical reports from Google per day. The 
report mails originate from different IP addresses, but comprise the 
same report-id, same message-id and same report zip file.


I'm convinced this is not an issue on the report receiver side and 
suspect it's a design choice by Google to cater to their distributed 
architecture. It's annoying, but can be handled by filtering duplicate 
reports via report-id and submitter domain.


Regards,
Matt
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] Correct counting of DNS lookups for SPF record containing MX mechanism

2021-05-19 Thread Matthäus Wander via dmarc-discuss


Alexander NAZARIAN via dmarc-discuss wrote on 2021-05-18 20:40:

Different online SPF checkers show different results.


> [...]
>
So, looks that mailbox providers count MX mechanism as 1 lookup (no 
matter how many hostnames MX record resolves to) and dmarcanalyzer.com 
 tool lookup check have nothing with reality,


Could you help with understanding how many DNS queries are being run for 
the MX mechanism ?


You've shown two different interpretations of the SPF specification. To 
me, which of these is the correct interpretation is of less importance 
than the fact that both interpretations exist. If high deliverability is 
desired, it's thus wise to comply with the more strict interpretation.


In the concrete example, the "mx" mechanism is redundant to 
"include:_spf.google.com" and can be omitted.


Regards,
Matt
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] DKIM Pass for unauthorized servers?

2020-06-22 Thread Matthäus Wander via dmarc-discuss

Paul M. Beck wrote on 2020-06-22 05:04:
> So what should my DMARC look like... As I know my spc record is correct 
> should I be set to reject?

Your setup is fine. It's somewhat expected that SPF fails in certain
scenarios on the recipient's side that are out of your control. As long
as either DKIM or SPF produce a pass, your emails will be accepted.

Regards,
Matt



smime.p7s
Description: S/MIME Cryptographic Signature
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] DKIM Pass for unauthorized servers?

2020-06-21 Thread Matthäus Wander via dmarc-discuss

Paul M. Beck via dmarc-discuss wrote on 2020-06-21 16:27:
> I am new to DMARC But I am seeing summary reports containing DKIM=pass 
> SPF=fail for server(s) that should not be able to send email on our behalf.
> I have seen this for more than one server/domain as I assist with a number of 
> installations. 
> 
> How can another server have my freshly generated DKIM?
> 
> If these are rejections of our outbound email why is it going to google?

This sounds like the recipient is forwarding emails to Gmail. The DKIM
signature is valid because it originates from your server. SPF fails
because Google sees the recipient's forwarding MTA as sender and does
not know the true origin.

Regards,
Matt



smime.p7s
Description: S/MIME Cryptographic Signature
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] DMARC Aggregate Reports

Re: [dmarc-discuss] Use of in DMARC aggregate reports

Re: [dmarc-discuss] Drop or No Google DMARC reports

Re: [dmarc-discuss] Multiple copies of single DMARC report from Google

Re: [dmarc-discuss] Correct counting of DNS lookups for SPF record containing MX mechanism

Re: [dmarc-discuss] DKIM Pass for unauthorized servers?

Re: [dmarc-discuss] DKIM Pass for unauthorized servers?

7 matches

Site Navigation

Mail list logo

Footer information