In one version you also havedkim=pass (1024-bit key; unprotected) header.d=amazon.de header.i=@marketplace.amazon.de header.b=AOE4Rr31 which is an aligned pass because marketplace.amazon.de inherits amazon.de's record which doesn't specify strictness of alignment and therefore defaults to relaxed. You actually have both multiple results in a single Authentication-Results header and multiple Authentication-Results headers.
Elizabeth On Tuesday, June 16, 2015 11:03 AM, A. Schulze via dmarc-discuss <dmarc-discuss@dmarc.org> wrote: Hello John, John Levine via dmarc-discuss: > It looks fine. in which sense? - RFC5322.From is "amazon.DE" - SPF pass for "bounces.amazon.COM" - DKIM pass for "amazonses.COM" so neither SPF nor DKIM is aligned. according to the published record the message should be quarantined: $ opendmarc-check amazon.de DMARC record for amazon.de: Sample percentage: 100 DKIM alignment: relaxed SPF alignment: relaxed Domain policy: quarantine Subdomain policy: unspecified Aggregate report URIs: mailto:dmarc-repo...@bounces.amazon.com Forensic report URIs: mailto:dmarc-repo...@bounces.amazon.com > How does your code pass the DKIM validation results to the DMARC code? it's a bunch of milters plugged to postfix: smf-spf + opendkim + opendmarc >> Authentication-Results: idvmailin13.datevnet.de; >> dkim=pass (1024-bit key; unprotected) header.d=amazonses.com >> header.i=@amazonses.com header.b=IGahw/4Y >> Authentication-Results: idvmailin13.datevnet.de; >> spf=pass >> smtp.mailfrom=<201506160039204c745a2b7a8d4cd89e6e312cb96417e9-cuo19kbgo1...@bounces.amazon.com> >> smtp.helo=a0-79.smtp-out.eu-west-1.amazonses.com > > I have never seen an A-R implementation that added multiple headers. > Everyone else puts all the results in one header, separated by > semicolons. If your code reads the A-R header, that's likely the > problem, it only expects one A-R header so it only looks at the first > one, which in this case happens not to include a result that makes > DMARC happy. Oh, never thought about that. I know that scheme (separate A-R header) since years. You're right. they may be combined to only one A-R. But the way I use it they insert multiple A-R header. Would be good to hear from Murray if this is the intended use-case for OpenDMARC. In general I know OpenDMARC simply as an A-R header parser. So my assumptions could not be completely wrong... Andreas _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)