Re: [dmarc-discuss] OOF failed DMARC verification by linkedin

2017-06-05 Thread Jacob Evans via dmarc-discuss
Hey Yeo, 

tldr; 
smtp11.infineon.com. IN TXT "v=spf1 a -all" 
Add this to each mta, all mta's should have A, , and SPF like the one 
above. 

The spf "a" mechanism is for all host entries (so both v4/v6) (see 
http://www.openspf.org/SPF_Record_Syntax#a) 

Thanks, 
-Jake 


From: "dmarc-discuss" <dmarc-discuss@dmarc.org> 
To: "dmarc-discuss" <dmarc-discuss@dmarc.org> 
Sent: Sunday, June 4, 2017 11:09:20 PM 
Subject: [dmarc-discuss] OOF failed DMARC verification by linkedin 



Hi all, 



We just recently enabled DMARC for our outgoing mails. We noticed our out of 
office (OOF) messages to internet so far ok e.g gmail.com. 

But when OOF messages send to linkedin.com we will get DMARC verification 
failed due to Original-Mail-From is blank. 



How to overcome such issue as a sender? 



Thanks. 



Regards, 

Yeo 



___ 
dmarc-discuss mailing list 
dmarc-discuss@dmarc.org 
http://www.dmarc.org/mailman/listinfo/dmarc-discuss 

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html) 

Re: [dmarc-discuss] OOF failed DMARC verification by linkedin

2017-06-05 Thread Juri Haberland via dmarc-discuss
On 05.06.2017 05:09, Yeo via dmarc-discuss wrote:
> Hi all,
> 
> We just recently enabled DMARC for our outgoing mails. We noticed our out of 
> office (OOF) messages to internet so far ok e.g gmail.com.
> But when OOF messages send to linkedin.com we will get DMARC verification 
> failed due to Original-Mail-From is blank.

If you get a DMARC failure for a mail with a NULL sender, then you
a) don't sign your outgoing bounces/OOO with DKIM
b) you don't have SPF records for your sending mail hosts (e.g.
smtp11.infineon.com)

> How to overcome such issue as a sender?

Add SPF records for every server that is sending mail out to the internet
and/or sign bounces/OOO with DKIM.

  Juri
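
Added example, not part of either poster's message: why the per-host SPF record suggested in the two replies above matters for null-sender mail. With an empty MAIL FROM, SPF is checked against the HELO name, so that host needs its own record. The DNS data, the From: domain infineon.com and the last-two-labels organizational-domain shortcut are assumptions.

```python
import ipaddress

# Constructed DNS data; the addresses come from documentation ranges.
DNS = {
    ("smtp11.infineon.com", "TXT"): ["v=spf1 a -all"],
    ("smtp11.infineon.com", "A"): ["192.0.2.11"],
    ("smtp11.infineon.com", "AAAA"): ["2001:db8::11"],
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_identity(mail_from, helo):
    """With a null reverse-path SPF falls back to the HELO name (RFC 7208, 2.4)."""
    if mail_from.strip("<>") == "":
        return helo.lower().rstrip(".")
    return mail_from.strip("<>").rsplit("@", 1)[1].lower()

def check_spf(domain, client_ip, dns=DNS):
    """Evaluate a record made of 'a' and 'all' terms only (enough for the one above)."""
    records = [r for r in dns.get((domain, "TXT"), []) if r.split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    rrtype = "A" if ip.version == 4 else "AAAA"
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "a":
            hit = any(ipaddress.ip_address(a) == ip for a in dns.get((domain, rrtype), []))
        elif mech == "all":
            hit = True
        else:
            return "permerror"  # mechanism outside the scope of this sketch
        if hit:
            return RESULT[qualifier]
    return "neutral"

def relaxed_aligned(spf_domain, from_domain):
    """Relaxed alignment, assuming the organizational domain is the last two labels."""
    org = lambda d: ".".join(d.lower().split(".")[-2:])
    return org(spf_domain) == org(from_domain)

def dmarc_spf_ok(mail_from, helo, client_ip, from_domain):
    """True when SPF passes for the checked identity and that identity aligns."""
    domain = spf_identity(mail_from, helo)
    return check_spf(domain, client_ip) == "pass" and relaxed_aligned(domain, from_domain)
```

A sending host without its own TXT record (the constructed smtp12 case in the test) yields SPF "none", so a null-sender message from it can only pass DMARC through an aligned DKIM signature.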


Re: [dmarc-discuss] OOF failed DMARC verification by linkedin

2017-06-04 Thread Roland Turner via dmarc-discuss
Despite the error message showing up in a DMARC context, this sounds 
more like a failure in how your OOO responses are created.


For example, if LinkedIn sends you:

   MAIL FROM:<44a037374908b416988bae2914f01ccc32dadbf94fb7b0cceb2b8aa7aa8b5...@bounce.linkedin.com>
   RCPT TO:
   ...
   From: LinkedIn Updates 
   To: User 


Then a human-generated response would look like:

   MAIL FROM:
   RCPT TO:
   ...
   From: User 
   To: LinkedIn Updates 

(this will bounce of course); while a machine-generated response should 
look something like:


   MAIL FROM:<>
   RCPT TO:<44a037374908b416988bae2914f01ccc32dadbf94fb7b0cceb2b8aa7aa8b5...@bounce.linkedin.com>
   ...
   From: User 
   To: LinkedIn Updates 


The empty MAIL FROM is designed specifically to stop machine-generated 
responses (like OOO responses) from causing the creation of more 
machine-generated responses. By copying the MAIL FROM address of the 
incoming message to the RCPT TO of the machine-generated response, 
LinkedIn is helped to use the VERP information 
(44a037374908b416988bae2914f01ccc32dadbf94fb7b0cceb2b8aa7aa8b585f in 
this case) to automatically work out which address is failing.


However, if you have a buggy OOO generator, you might be doing something 
like:


   MAIL FROM:<>
   RCPT TO:
   ...
   From: User 
   To: LinkedIn Updates 


which is correctly setting MAIL FROM to be empty - as required for 
machine-generated responses - but incorrectly copying RCPT TO from the 
message header (From:) rather than from the envelope (MAIL FROM:). 
Because LinkedIn uses VERP (thereby causing all bounces to go to 
bounce.linkedin.com), they would respond with an error about a blank 
MAIL FROM (because their main domain never receives bounces), which is 
what you're seeing.


- Roland



On 05/06/17 11:09, Yeo via dmarc-discuss wrote:


Hi all,

We just recently enabled DMARC for our outgoing mails. We noticed our 
out of office (OOF) messages to internet so far ok e.g gmail.com.


But when OOF messages send to linkedin.com we will get DMARC 
verification failed due to Original-Mail-From is blank.


How to overcome such issue as a sender?

Thanks.

Regards,

*Yeo*
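
Added example, not part of the message above and not any vendor's code: the envelope an auto-responder should build, next to the faulty header-based variant the message describes. All addresses are constructed placeholders, and the function names are hypothetical; the Auto-Submitted check follows RFC 3834.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed incoming message; every address here is a placeholder.
INCOMING_MAIL_FROM = "<verp-token-0001@bounce.linkedin.example>"
INCOMING = message_from_string(
    "From: LinkedIn Updates <updates@linkedin.example>\n"
    "To: User <user@example.com>\n"
    "Subject: Weekly update\n"
    "\n"
    "Body\n"
)

def ooo_envelope(incoming_mail_from, msg):
    """Return (MAIL FROM, RCPT TO) for an auto-reply, or None to stay silent."""
    sender = incoming_mail_from.strip().strip("<>")
    if not sender:
        return None  # incoming mail had a null sender: never auto-reply to it
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if auto != "no":
        return None  # RFC 3834: no replies to automatically submitted mail
    # Null reverse-path, and the reply goes to the incoming ENVELOPE sender,
    # which carries the VERP token the original sender needs.
    return ("", sender)

def buggy_ooo_envelope(incoming_mail_from, msg):
    """The faulty behaviour described above: RCPT TO taken from the From: header."""
    return ("", parseaddr(msg.get("From", ""))[1])
```

Comparing the two return values on the same input shows the difference a receiver sees: the correct reply lands on the bounce subdomain, the faulty one on the main domain with an empty MAIL FROM.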


