[dmarc-discuss] Responses to Google Calendar Invites being DMARC rejected

2017-12-14 Thread Ivan Kovachev via dmarc-discuss 
Hello everyone,

I have observed an interesting case where calendar invites send by google to 
another third-party email service are being rejected on the way back (ie. when 
accepted) if the receiver of the invites is in DMARC reject.

I have also observed that in some cases there are two sets of response buttons 
present in the calendar invitation email. One set is the usual google response 
buttons found towards the bottom of the email, and the other set is out-of-band 
response buttons found towards the top of the email. I have shown some examples 
below.

Google buttons:

Out-of-band buttons:


When accepting the invitation using the google response buttons, the email is 
rejected and the responder receives a 5.7.1 DSN back due to the responder's 
domain having a DMARC reject policy. However, when accepting the invitation 
using the out-of-band buttons the email is sent through the correct servers, 
DMARC passes and the response is received successfully by Google. 

Those out-of-band buttons do not always exist. Some mail clients display them 
and some do not. Also, it depends if a desktop mail client is used or webmail. 
During my testing I found the following:

Google --> Office 365 domain that is in DMARC reject - working but office 365 
domain needs to reply using the out-of-band buttons

Google --> AOL - not working as AOL does not display out-of-band buttons

Google --> Yahoo - working but Yahoo needs to reply using the out-of-band 
buttons


My question 1: is using the out-of-band buttons the only workaround for the 
moment and if it is, what happens when those buttons are not available?

My question 2: is there any work done by google to resolve this?

Hey Brandon, can you give some insight on the above issue?

Regards,
Ivan Kovachev
 ___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] Responses to Google Calendar Invites being DMARC rejected

2017-12-14 Thread Ivan Kovachev via dmarc-discuss 
Simon,

The out-of-band effectively sends the response through the servers of the 
actual responder and not through Google' servers and that is why it passes 
DMARC.

Ivan

> On 14 Dec 2017, at 11:28, Sim <s...@simonliebold.de> wrote:
> 
> Am 14.12.2017 um 11:15 schrieb Ivan Kovachev via dmarc-discuss:
>> Some mail clients display them and some do not. Also, it depends if a
>> desktop mail client is used or webmail. 
> 
> I noticed trouble with invitations not while responding but while
> forwarding calendar invitations. See
> http://lists.dmarc.org/pipermail/dmarc-discuss/2017-August/003865.html.
> 
> What does "out-of-band" replying to invitations actually do?
> 
> Simon
> 


___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

[dmarc-discuss] DMARC support on Exchange Servers and reporting back to senders

2017-12-20 Thread Ivan Kovachev via dmarc-discuss 
Hello all,

as far as I am aware, based on research, On-premise Exchange Servers do not 
support DMARC by default and third-party plugins need to be installed.

I was wondering if anyone has already done this on their exchange server and if 
they could give some suggestion on the products they have used?

Finally, I cannot find a single product that supports DMARC reporting ie. 
configure the exchange server to send aggregate reports back to the senders? 
Does anyone know if that is possible at all at the moment?


___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

[dmarc-discuss] How to treat multiple DMARC reports for the same message

2018-02-23 Thread Ivan Kovachev via dmarc-discuss 
Hello all,

in section 9.3 of the ARC RFC it says:

"Mediators SHOULD generate DMARC reports on messages which transit their system 
just like any other message which they receive. This will result in multiple 
reports for each mediated message as they transit the series of handlers. DMARC 
report consumers should be aware of this behaviour and make the necessary 
accommodations."


Could someone please advise how to identify multiple DMARC reports for the same 
message and display a single final result instead of multiple results for the 
same message (from the perspective of DMARC report consumers)?___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

[dmarc-discuss] Email encryption services and DMARC

2018-07-11 Thread Ivan Kovachev via dmarc-discuss 
Hello all,

I have a question regarding third-party email encryption services and DMARC.

For example, when using Cisco CRES the emails contain the From domain of the 
sender and the Return-Path is that of the sender so if they authorize Cisco 
CRES then emails will pass SPF and align with regards to DMARC. Emails contain 
no DKIM signature.

The recipient then replies and again emails go through the CRES servers, the 
From domain is that of the company that replies, the Return-Path is also that 
of the company that replies, however, they will also have to authorize Cisco 
CRES in their SPF in order for DMARC to pass. Again no DKIM. 

The problem is that there are many other email encryption services out there 
and if the sender is using any of them then their recipients must also 
authorize them in their SPF records. This means that if any the sender or 
recipient is in DMARC reject when replying to such emails their emails will be 
rejected.

Has anyone come across this problem before and what have you done to solved it? 
Is using subdomains (in DMARC none policy) for this email communication the 
only way to go for now?___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

[dmarc-discuss] Mimecast and Office 365

2018-04-11 Thread Ivan Kovachev via dmarc-discuss 
Hello guys,

I have three questions for you that I am unsure about and hoping that someone 
at Microsoft will be able to help:

First two questions are related to Mimecast acting as inbound security gateway 
to O365:

1. When Mimecast acts as inbound gateway solution and it receives an email, it 
does DMARC checks and lets the email through to O365 environment. Even if an 
email passes DMARC checks at Mimecast and the email is let through, then O365 
also seems to also be doing DMARC checks but both SPF and DKIM fail because of 
the change that Mimecast does. As a results DMARC fails. My questions is, what 
is the best practice here in this scenario? Is there a way to turn off DMARC 
checks at O365? Mimecast suggest that it is whitelisted in O365 but that means 
that all the spam will be let through as well.

2. Would O365 send DMARC reports back to the sender in the above case? And, if 
O365 sends DMARC reports back to the sender then emails will be shown as 
originating from Mimecast but failing DMARC.

3. Would O365 do DMARC checks for internal emails ie. O365 tenant employee to 
another O365 tenant employee? And would it send DMARC reports in this case?


___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] dmarc-discuss Digest, Vol 72, Issue 2

2018-04-18 Thread Ivan Kovachev via dmarc-discuss 
Hello Roland,

thank you for the reply.

I found this on Microsoft's website:

"If you have configured your domain's MX records where EOP is not the first 
entry, DMARC failures will not be enforced for your domain.
If you're an Office 365 customer, and your domain's primary MX record does not 
point to EOP, you will not get the benefits of DMARC. For example, DMARC won't 
work if you point the MX record to your on-premises mail server and then route 
email to EOP by using a connector. "
I guess this is why we are currently not seeing any reports being sent by 
Office 365 if it has Mimecast in front of it and as part of the MX record for 
receiving domain.  
> On 12 Apr 2018, at 20:00, dmarc-discuss-requ...@dmarc.org wrote:
> 
> Send dmarc-discuss mailing list submissions to
>   dmarc-discuss@dmarc.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>   http://dmarc.org/mailman/listinfo/dmarc-discuss
> or, via email, send a message with subject or body 'help' to
>   dmarc-discuss-requ...@dmarc.org
> 
> You can reach the person managing the list at
>   dmarc-discuss-ow...@dmarc.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of dmarc-discuss digest..."
> 
> 
> Today's Topics:
> 
>   1. Re: Mimecast and Office 365 (Roland Turner)
> 
> 
> --
> 
> Message: 1
> Date: Thu, 12 Apr 2018 15:57:20 +0800
> From: Roland Turner <rol...@rolandturner.com>
> To: dmarc-discuss@dmarc.org
> Subject: Re: [dmarc-discuss] Mimecast and Office 365
> Message-ID: <7a30d43c-5cd2-9da2-aff9-af92cc71c...@rolandturner.com>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
> 
> On 11/04/18 22:07, Ivan Kovachev via dmarc-discuss wrote:
> 
>> Hello guys,
>> 
>> I have three questions for you that I am unsure about and hoping that 
>> someone at Microsoft will be able to help:
>> 
>> First two questions are related to Mimecast acting as inbound security 
>> gateway to O365:
>> 
>> 1. When Mimecast acts as inbound gateway solution and it receives an 
>> email, it does DMARC checks and lets the email through to O365 
>> environment. Even if an email passes DMARC checks at Mimecast and the 
>> email is let through, then O365 also seems to also be doing DMARC 
>> checks but both SPF and DKIM fail because of the change that Mimecast 
>> does. As a results DMARC fails. My questions is, what is the best 
>> practice here in this scenario? Is there a way to turn off DMARC 
>> checks at O365? Mimecast suggest that it is whitelisted in O365 but 
>> that means that all the spam will be let through as well.
> 
> DMARC checking should only occur at the host referred to be the MX 
> record as SPF is still relevant for at least some email. I believe 
> Office 365 has a trusted inbound relays option (i.e. Office 365 trusts 
> the specified hosts to filter their email) although I can't quickly find it.
> 
> Mimecast is apparently unwilling to change their service to stop 
> damaging incoming messages that don't breach the policies being enforced 
> (they unconditionally unpack and then repack every message, rather than 
> only those whose contents they have reason to modify).
> 
>> 2. Would O365 send DMARC reports back to the sender in the above case? 
>> And, if O365 sends DMARC reports back to the sender then emails will 
>> be shown as originating from Mimecast but failing DMARC.
> 
> Yes and yes if you've not listed Mimecast as a trusted inbound relay. 
> (Assuming that the trusted inbound relays setting is not a figment of my 
> imagination, one would hope that Office 365 would not set feedback in 
> this case.)
> 
>> 3. Would O365 do DMARC checks for internal emails ie. O365 tenant 
>> employee to another O365 tenant employee? And would it send DMARC 
>> reports in this case?
> 
> Yes and hopefully yes.
> 
> - Roland
> -- next part --
> An HTML attachment was scrubbed...
> URL: 
> <http://dmarc.org/pipermail/dmarc-discuss/attachments/20180412/52e84e2b/attachment-0001.html>
> 
> --
> 
> Subject: Digest Footer
> 
> ___
> dmarc-discuss mailing list
> dmarc-discuss@dmarc.org
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
> 
> NOTE: Participating in this list means you agree to the DMARC Note Well terms 
> (http://www.dmarc.org/note_well.html)
> 
> 
> --
> 
> End of dmarc-discuss Digest, Vol 72, Issue 2
> 

___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] dmarc-discuss Digest, Vol 72, Issue 5

2018-04-19 Thread Ivan Kovachev via dmarc-discuss 
Hello Roland,

it would not make sense for Microsoft in this scenario to send reports back as 
they will be wrong anyway. It would be ideal if Mimecast in this case 
introduced the reporting functionality so senders have visibility into their 
traffic. However, not sure if Mimecast are at all considering it. I am sure a 
lot of their customers have requested it but for the moment there is no 
indication that this will happen.


> On 19 Apr 2018, at 11:32, dmarc-discuss-requ...@dmarc.org wrote:
> 
> Send dmarc-discuss mailing list submissions to
>   dmarc-discuss@dmarc.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>   http://dmarc.org/mailman/listinfo/dmarc-discuss
> or, via email, send a message with subject or body 'help' to
>   dmarc-discuss-requ...@dmarc.org
> 
> You can reach the person managing the list at
>   dmarc-discuss-ow...@dmarc.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of dmarc-discuss digest..."
> 
> 
> Today's Topics:
> 
>   1. Re: dmarc-discuss Digest, Vol 72, Issue 2 (Roland Turner)
>   2. Re: dmarc-discuss Digest, Vol 72, Issue 2 (Roland Turner)
>   3. my agg. reports (A. Schulze)
>   4. Re: my agg. reports (Juri Haberland)
>   5. Re: my agg. reports (Alessandro Vesely)
> 
> 
> --
> 
> Message: 1
> Date: Thu, 19 Apr 2018 08:33:42 +0800
> From: Roland Turner <rol...@rolandturner.com>
> To: dmarc-discuss@dmarc.org
> Subject: Re: [dmarc-discuss] dmarc-discuss Digest, Vol 72, Issue 2
> Message-ID: <dd94cae9-7e7b-ff49-839d-96e50fe07...@rolandturner.com>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
> 
> On 19/04/18 00:48, Ivan Kovachev via dmarc-discuss wrote:
> 
>> I found this on Microsoft's website:
>> 
>> "If you have configured your domain's MX records where EOP is not the 
>> first entry, DMARC failures will not be enforced for your domain.
>> If you're an Office 365 customer, and your domain's primary MX record 
>> does not point to EOP, you will not get the benefits of DMARC. For 
>> example, DMARC won't work if you point the MX record to your 
>> on-premises mail server and then route email to EOP by using a 
>> connector. "
>> I guess this is why we are currently not seeing any reports being sent 
>> by Office 365 if it has Mimecast in front of it and as part of the MX 
>> record for receiving domain.
> 
> This is a neat feature: why require customers to separately configure 
> trusted relays when they've already voted with their MX records?
> 
> Only the perimeter (i.e. MX) system - or set of systems under the same 
> administrative control - should be enforcing DMARC:
> 
>  * SPF will always be broken for a downstream system (because it will
>see the IP address of the upstream system)
>  * DKIM will potentially be broken by the upstream system (always in
>Mimecast's case)
> 
> Reporting is probably a no also, because there's no reason at all for 
> Microsoft to disclose this information; from the perspective of the 
> email system the Mimecast->Microsoft transition is an internal step. Are 
> you looking for such reporting to occur?
> 
> - Roland
> 
> -- next part --
> An HTML attachment was scrubbed...
> URL: 
> <http://dmarc.org/pipermail/dmarc-discuss/attachments/20180419/dde6cab7/attachment-0001.html>
> 
> --
> 
> Message: 2
> Date: Thu, 19 Apr 2018 08:35:38 +0800
> From: Roland Turner <rol...@rolandturner.com>
> To: Al Iverson <aiver...@wombatmail.com>, dmarc-discuss@dmarc.org
> Subject: Re: [dmarc-discuss] dmarc-discuss Digest, Vol 72, Issue 2
> Message-ID: <322a635a-d3f6-2417-6223-b92a6da6e...@rolandturner.com>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
> 
> As they're purely internal to a single organisation (the receiving 
> domain, which happens to have outsourced to Mimecast and Microsoft), 
> there's no reason to record the failures but, yes, 
> Authentication-Results: headers might reasonably be expected to contain 
> this information. ARC headers also as they start to appear.
> 
> - Roland
> 
> 
> 
> On 19/04/18 01:36, Al Iverson via dmarc-discuss wrote:
>> So in this scenario, how is O365 denoting the DMARC failures? Is it
>> alerting, or is it something visible only when viewing the message
>> headers?
>> 
>> On Wed, Apr 18, 2018 at 12:48 PM, Ivan Kovachev via dmarc-discuss
>> <dmarc-discuss@

[dmarc-discuss] How to troubleshoot DKIM hash did not verify

2018-04-24 Thread Ivan Kovachev via dmarc-discuss 
Hello all,

could someone help in troubleshooting why DKIM failed at the end recipient due 
to a change in the header or body of the email? Is it possible to figure out 
exactly what changed in the message that invalidated DKIM?

For example, the reason is body hash did not verify but would I be able to find 
out exactly why?

Finally, what would be the best course of action for the sending domain if the 
above cannot be avoided during transmission?
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

[dmarc-discuss] LinkedIn DKIM validation failure resulting in DMARC fail

2018-10-23 Thread Ivan Kovachev via dmarc-discuss 
Hello all,

has anyone noticed that when LinkedIn receives Out-Of-Office/Automatic-Replies 
from domains that are fully configured with DKIM, LinkedIn reports that DKIM 
failed (signature verification failed) and DMARC fails?

Scenario.

1.LinkedIn sends invite to someone @mydomain.com  (hosted 
on Office 365 which is fully configured with SPF and DKIM)
2.mydomain.com  (office 365) sends an automatic reply 
back to Linkedin with empty Mail-From (because it is a bounce) but correctly 
DKIM signed. 
3.LinkedIn sends forensic report back stating that DKIM failed.

However,
when I test the same scenario with GSuite, it verifies correctly and passes 
DMARC.

1. GSuite sends invite to someone  @mydomain.com  (hosted 
on Office 365)
2. mydomain.com  (office 365) sends an out-of-office 
reply back to GSuite with empty Mail-From (because it is a bounce) but 
correctly DKIM signed. 
3. Gsuite correcly verifies the email and DKIM passes.


Does the above indicate wrong DKIM validation done at LinkedIn. Why would they 
be different? The exactly same scenario was used in both tests.___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

[dmarc-discuss] LinkedIn DKIM validation failure resulting in DMARC fail

2018-10-24 Thread Ivan Kovachev via dmarc-discuss 
Hi Roland,

in my tests only LinkedIn reports back that DKIM failed.

Both Yahoo and Google report that DKIM passed for automatic reply messages from 
Office 365. 


=

Ivan,

I've dug into this in the past and confirmed that there is something 
wrong that no-one seemed to want to do anything about. (I forget the 
details but (a) LinkedIn does something slightly unusual in sending its 
invitation (different envelope sender and author domains?), and (b) 
Office 365 does something odd in sending its bounce (DKIM signing for a 
Microsoft domain?))

- Roland

On 23/10/18 8:15 pm, Ivan Kovachev via dmarc-discuss wrote:
> Hello all,
>
> has anyone noticed that when LinkedIn receives 
> Out-Of-Office/Automatic-Replies from domains that are fully configured 
> with DKIM, LinkedIn reports that DKIM failed (signature verification 
> failed) and DMARC fails?
>
> *Scenario.*
>
> 1.LinkedIn sends invite to someone @mydomain.com 
> <http://mydomain.com <http://mydomain.com/>> (hosted on Office 365 which is 
> fully configured 
> with SPF and DKIM)
> 2.mydomain.com <http://mydomain.com <http://mydomain.com/>> (office 365) 
> sends an automatic 
> reply back to Linkedin with empty Mail-From (because it is a bounce) 
> but correctly DKIM signed.
> 3.LinkedIn sends forensic report back stating that DKIM failed.
>
> *However,*
> when I test the same scenario with GSuite, it verifies correctly and 
> passes DMARC.
>
> 1. GSuite sends invite to someone  @mydomain.com 
> <http://mydomain.com <http://mydomain.com/>> (hosted on Office 365)
> 2. mydomain.com <http://mydomain.com <http://mydomain.com/>> (office 365) 
> sends an 
> out-of-office reply back to GSuite with empty Mail-From (because it is 
> a bounce) but correctly DKIM signed.
> 3. Gsuite correcly verifies the email and DKIM passes.
>
>
> Does the above indicate wrong DKIM validation done at LinkedIn. Why 
> would they be different? The exactly same scenario was used in both tests.
>
> ___
> dmarc-discuss mailing list
> dmarc-discuss at dmarc.org <http://dmarc.org/mailman/listinfo/dmarc-discuss>
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss 
> <http://www.dmarc.org/mailman/listinfo/dmarc-discuss>
>
> NOTE: Participating in this list means you agree to the DMARC Note Well terms 
> (http://www.dmarc.org/note_well.html <http://www.dmarc.org/note_well.html>)

___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] LinkedIn DKIM validation failure resulting in DMARC fail

2018-10-24 Thread Ivan Kovachev via dmarc-discuss 
Forgot to add that in all cases the DKIM signing domain was not the default of 
Microsoft but my own custom domain.


> On 24 Oct 2018, at 10:07, Ivan Kovachev  wrote:
> 
> Hi Roland,
> 
> in my tests only LinkedIn reports back that DKIM failed.
> 
> Both Yahoo and Google report that DKIM passed for automatic reply messages 
> from Office 365. 
> 
> 
> =
> 
> Ivan,
> 
> I've dug into this in the past and confirmed that there is something 
> wrong that no-one seemed to want to do anything about. (I forget the 
> details but (a) LinkedIn does something slightly unusual in sending its 
> invitation (different envelope sender and author domains?), and (b) 
> Office 365 does something odd in sending its bounce (DKIM signing for a 
> Microsoft domain?))
> 
> - Roland
> 
> On 23/10/18 8:15 pm, Ivan Kovachev via dmarc-discuss wrote:
> > Hello all,
> >
> > has anyone noticed that when LinkedIn receives 
> > Out-Of-Office/Automatic-Replies from domains that are fully configured 
> > with DKIM, LinkedIn reports that DKIM failed (signature verification 
> > failed) and DMARC fails?
> >
> > *Scenario.*
> >
> > 1.LinkedIn sends invite to someone @mydomain.com 
> > <http://mydomain.com <http://mydomain.com/>> (hosted on Office 365 which is 
> > fully configured 
> > with SPF and DKIM)
> > 2.mydomain.com <http://2.mydomain.com/> <http://mydomain.com 
> > <http://mydomain.com/>> (office 365) sends an automatic 
> > reply back to Linkedin with empty Mail-From (because it is a bounce) 
> > but correctly DKIM signed.
> > 3.LinkedIn sends forensic report back stating that DKIM failed.
> >
> > *However,*
> > when I test the same scenario with GSuite, it verifies correctly and 
> > passes DMARC.
> >
> > 1. GSuite sends invite to someone  @mydomain.com 
> > <http://mydomain.com <http://mydomain.com/>> (hosted on Office 365)
> > 2. mydomain.com <http://mydomain.com/> <http://mydomain.com 
> > <http://mydomain.com/>> (office 365) sends an 
> > out-of-office reply back to GSuite with empty Mail-From (because it is 
> > a bounce) but correctly DKIM signed.
> > 3. Gsuite correcly verifies the email and DKIM passes.
> >
> >
> > Does the above indicate wrong DKIM validation done at LinkedIn. Why 
> > would they be different? The exactly same scenario was used in both tests.
> >
> > ___
> > dmarc-discuss mailing list
> > dmarc-discuss at dmarc.org <http://dmarc.org/mailman/listinfo/dmarc-discuss>
> > http://www.dmarc.org/mailman/listinfo/dmarc-discuss 
> > <http://www.dmarc.org/mailman/listinfo/dmarc-discuss>
> >
> > NOTE: Participating in this list means you agree to the DMARC Note Well 
> > terms (http://www.dmarc.org/note_well.html 
> > <http://www.dmarc.org/note_well.html>)
> 

___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

[dmarc-discuss] Hotmail violating DMARC specification

2018-09-25 Thread Ivan Kovachev via dmarc-discuss 
Hello guys,

would anyone be able to comment on the issue listed here:

https://office365.uservoice.com/forums/264636-general/suggestions/34012756-forwarding-of-calendar-appointments-from-a-dmarc-p
 

 

I have also run some tests using a DMARC protected domain in reject mode and 
hotmail whether manually forwarding, auto-forwarding or redirecting the email 
treats the email in the same way and that is: retains the original From domain 
but the final recipient does the SPF and DKIM checks on the forwarder ie. 
hotmail so DMARC fails and emails are rejected.

___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] DMARC is not disabled automatically at Office 365 when the MX is different

2020-03-09 Thread Ivan Kovachev via dmarc-discuss 
If only I could push them.

On Mon, Mar 9, 2020, 18:32 Kurt Andersen  wrote:

> This is not a topic for the DMARC protocol discussion list. You should
> probably be directing the inquiry to your Exchange support channel - and
> pushing Barracuda to implement ARC (RFC8617) too :-)
>
> Cheers,
>   Kurt Andersen
>
> On Mon, Mar 9, 2020 at 11:20 AM Ivan Kovachev via dmarc-discuss <
> dmarc-discuss@dmarc.org> wrote:
>
>> Hello, It looks like Office 365 with a gateway in front such as Barracuda
>> or another gateway, still does DMARC validation inbound, and quarantines
>> any emails that fail DMARC validation.
>>
>> Should this not be the case since the MX of the receiving domain is that
>> of the Barracuda or whatever other gateway is used?
>>
>> DMARC validation passes at Barracuda, but then Barracuda makes changes to
>> the email which invalidates DKIM/DMARC and Office 365 quarantines them,
>> even though the email initially passed DMARC and was not considered as SPAM
>> at all.
>>
>> How can DMARC validation be turned off or disabled at Office 365 for the
>> above scenario?
>>
>>
>>
>> ___
>> dmarc-discuss mailing list
>> dmarc-discuss@dmarc.org
>> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>>
>> NOTE: Participating in this list means you agree to the DMARC Note Well
>> terms (http://www.dmarc.org/note_well.html)
>>
>
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

[dmarc-discuss] DMARC is not disabled automatically at Office 365 when the MX is different

2020-03-09 Thread Ivan Kovachev via dmarc-discuss 
Hello, It looks like Office 365 with a gateway in front such as Barracuda or 
another gateway, still does DMARC validation inbound, and quarantines any 
emails that fail DMARC validation. 

Should this not be the case since the MX of the receiving domain is that of the 
Barracuda or whatever other gateway is used? 

DMARC validation passes at Barracuda, but then Barracuda makes changes to the 
email which invalidates DKIM/DMARC and Office 365 quarantines them, even though 
the email initially passed DMARC and was not considered as SPAM at all.

How can DMARC validation be turned off or disabled at Office 365 for the above 
scenario?



___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

[dmarc-discuss] Yahoo reporting results

2020-11-13 Thread Ivan Kovachev via dmarc-discuss 
Hi,

Does anyone know why Yahoo sends reports containing "dmarc=success (p=reject)" 
and what it means? Is it the same as dmarc=pass, if so, why are they not using 
it properly as per the standard?

I have seen it happen for domains in p=none and p=reject, so it is hard to tell 
what they did with the email. Was it accepted or not etc..
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

[dmarc-discuss] Drop or No Google DMARC reports

2021-10-04 Thread Ivan Kovachev via dmarc-discuss 
Hi Everyone,

Has any one recently seen a drop or no DMARC reports at all on a particular day 
being sent from Google?

For example, on the 1st October there were no DMARC reports sent to us to 
backfill the 30th September. Has anyone else got this? 
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)