On Sun, Jun 21, 2020 at 10:32 AM Paul M. Beck via dmarc-discuss < dmarc-discuss@dmarc.org> wrote:
> I am new to DMARC But I am seeing summary reports containing DKIM=pass > SPF=fail for server(s) that should not be able to send email on our behalf. > I have seen this for more than one server/domain as I assist with a number > of installations. > > How can another server have my freshly generated DKIM? > > If these are rejections of our outbound email why is it going to google? > > I can include the summary report, but since I've seen this often I assume > I am missing something. > > Thanks in advance, > > Paul > > > Paul, The best way to think of it is that SPF is host (server) based but DKIM is message based. In DKIM, as long as a message is correctly signed, then by definition the signing host or appliance has the private signing key and is "authorized". If you look at an SPF record it specifies authorized hosts. If you look at a DKIM record, all you are seeing is a public key. Michael Hammer
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)