Re: [dmarc-discuss] exegesis: pass and fail together
I meant to say that the spec is unclear about what you do about **reporting** multiple DKIM results. It's perfectly clear on how to evaluate them. Elizabeth On Thursday, July 7, 2016 9:32 AM, Elizabeth Zwicky via dmarc-discusswrote: SPF can pass without being a relevant pass for DMARC; DMARC requires it not only to pass but also to align with From:. As Alessandro pointed out, your DMARC record specifically prevents a lists.openlib.org SPF pass from being an openlib.org DMARC SPF pass. And yes, it's entirely possible for a message to have 2 or more DKIM signatures, including signatures for the same domain with different results. As long as there exists a DKIM signature that is aligned and passes, the DMARC DKIM result is pass. (As I recall, the spec is unclear about what you do if there are multiple DKIM results. That should probably be fixed and it would be nice if we allowed the selector to be reported as well.) Elizabeth On Tuesday, July 5, 2016 12:54 AM, Thomas Krichel via dmarc-discuss wrote: Hi gang, I am new to DMARC. Google have sent me a report that I attach. I am puzzled by what I am reading. About DKIM openlib.org pass openlib.org fail How can it fail and pass at the same time? Then about SPF 2a01:4f8:190:62e8::68 7 none pass fail openlib.org ... lists.openlib.org pass How can it say that the SPF fails in the policy evaluated, but later say it passes. Could this be me posting to a mailing list, with the from: saying kric...@openlib.org, but forwarded by lists.openlib.org? 2a01:4f8:190:62e8::68 is SPF authorized to send mail for both lists.openlib.org and openlib.org, so this would still be puzzling. -- Cheers, Thomas Krichel http://openlib.org/home/krichel skype:thomaskrichel ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html) ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html) ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
Re: [dmarc-discuss] exegesis: pass and fail together
Hi Thomas, It's not immediately clear from your edits whether the results that you are showing are from the same of the DMARC report; my guess is that they're not. Assuming that my guess is correct: it's worth bearing in mind that a DMARC aggregate report is just that: a report aggregating information about all of the email messages that the Receiver has seen purporting to be from your organisation during the report period (almost always 24 hours). To keep things at a reasonable size, the report groups message reports that have identical dispositions etc. into a single with a , instead of providing a row per message. When interpreting the report, it is important to view each as though it were a completely separate report from the same Receiver. The other thing that occasionally creates confusion is the difference between: - the authentication results (whether a particular authentication evaluation returned true or false at the SPF/DKIM level), and - the effective authentication result when evaluating policy (a pass for an unrelated domain will be treated as a fail for DMARC evaluation purposes; similarly parent vs. child domains if you're using different policies for sub-domains). - Roland -- From: dmarc-discuss <dmarc-discuss-boun...@dmarc.org> on behalf of Thomas Krichel via dmarc-discuss <dmarc-discuss@dmarc.org> Sent: Tuesday, 5 July 2016 15:41 To: DMARC-discuss Subject: [dmarc-discuss] exegesis: pass and fail together Hi gang, I am new to DMARC. Google have sent me a report that I attach. I am puzzled by what I am reading. About DKIM openlib.org pass openlib.org fail How can it fail and pass at the same time? Then about SPF 2a01:4f8:190:62e8::68 7 none pass fail openlib.org ... lists.openlib.org pass How can it say that the SPF fails in the policy evaluated, but later say it passes. Could this be me posting to a mailing list, with the from: saying kric...@openlib.org, but forwarded by lists.openlib.org? 2a01:4f8:190:62e8::68 is SPF authorized to send mail for both lists.openlib.org and openlib.org, so this would still be puzzling. -- Cheers, Thomas Krichel http://openlib.org/home/krichel skype:thomaskrichel ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
Re: [dmarc-discuss] exegesis: pass and fail together
On Tue 05/Jul/2016 09:41:07 +0200 Thomas Krichel via dmarc-discuss wrote: I am new to DMARC. Google have sent me a report that I attach. 2a01:4f8:190:62e8::68 7 none pass fail openlib.org ... lists.openlib.org pass How can it say that the SPF fails in the policy evaluated, but later say it passes. Could this be me posting to a mailing list, with the from: saying kric...@openlib.org, but forwarded by lists.openlib.org? 2a01:4f8:190:62e8::68 is SPF authorized to send mail for both lists.openlib.org and openlib.org, so this would still be puzzling. In addition, your RRs have aspf=s, which prevents a DMARC validator to consider that lists.openlib.org is in the same administrative domain as the message's author: http://tools.ietf.org/html/rfc7489#section-3.1.2 hth Ale -- ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
Re: [dmarc-discuss] exegesis: pass and fail together
There can be 2 DKIM signatures, if e.g. message is forwarded by user. First one from original messages and it probably fails to verify and second one for forwarded messages and it passes. Thomas Krichel via dmarc-discuss пишет: > Hi gang, > > I am new to DMARC. Google have sent me a report that I attach. > I am puzzled by what I am reading. About DKIM > > > openlib.org > pass > > > openlib.org > fail > > > How can it fail and pass at the same time? > Then about SPF > > > > 2a01:4f8:190:62e8::68 > 7 > > none > pass > fail > > > > openlib.org > > > > ... > > >lists.openlib.org >pass > > > > > How can it say that the SPF fails in the policy evaluated, > but later say it passes. Could this be me posting to a mailing > list, with the from: saying kric...@openlib.org, but forwarded > by lists.openlib.org? 2a01:4f8:190:62e8::68 is SPF authorized to > send mail for both lists.openlib.org and openlib.org, so this > would still be puzzling. > > > > ___ > dmarc-discuss mailing list > dmarc-discuss@dmarc.org > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html) -- Vladimir Dubrovin @Mail.Ru ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
[dmarc-discuss] exegesis: pass and fail together
Hi gang, I am new to DMARC. Google have sent me a report that I attach. I am puzzled by what I am reading. About DKIM openlib.org pass openlib.org fail How can it fail and pass at the same time? Then about SPF 2a01:4f8:190:62e8::68 7 none pass fail openlib.org ... lists.openlib.org pass How can it say that the SPF fails in the policy evaluated, but later say it passes. Could this be me posting to a mailing list, with the from: saying kric...@openlib.org, but forwarded by lists.openlib.org? 2a01:4f8:190:62e8::68 is SPF authorized to send mail for both lists.openlib.org and openlib.org, so this would still be puzzling. -- Cheers, Thomas Krichel http://openlib.org/home/krichel skype:thomaskrichel dmarc.xml Description: XML document ___ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)