On Tue 05/Jul/2016 09:41:07 +0200 Thomas Krichel via dmarc-discuss wrote:
I am new to DMARC. Google have sent me a report that I attach.
<record>
<row>
<source_ip>2a01:4f8:190:62e8::68</source_ip>
<count>7</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>openlib.org</header_from>
</identifiers>
<auth_results>
...
<spf>
<domain>lists.openlib.org</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
How can it say that the SPF fails in the policy evaluated,
but later say it passes. Could this be me posting to a mailing
list, with the from: saying kric...@openlib.org, but forwarded
by lists.openlib.org? 2a01:4f8:190:62e8::68 is SPF authorized to
send mail for both lists.openlib.org and openlib.org, so this
would still be puzzling.
In addition, your RRs have aspf=s, which prevents a DMARC validator to consider
that lists.openlib.org is in the same administrative domain as the message's
author:
http://tools.ietf.org/html/rfc7489#section-3.1.2
hth
Ale
--
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
