Hi all, I've recently set up DMARC, SPF and DKIM. I'm now checking all DMARC reports I'm receiving. I've noticed the below entry which looks like an IP which is outside my control and is also not of a usual sender (the entries that are legit are usually coming from 2 ISP mailservers and I see those IPs on a daily basis). So this one entry seems to be off.
Now I wonder what I should conclude from this DMARC entry. Is this an email server, which successfully auths (using SPF and DKIM, so I can be "assured" it's actually the mailserver intended for otherdomain.com?) sending out an email in the name of mydomain.com? Note that mydomain.com is doing business with otherdomain.com. So perhaps I'm reading this entry incorrectly. However I don't see any incoming email for mydomain.com from them at that time which would mean this must have been a mail addressed to another domain. I don't see any reason why this company would need to send emails in the name of my domain. I know I can change the policy using DMARC to drop such emails but nonetheless it seems interesting to investigate what's going on here. Am I interpreting this entry correctly? Thanks a lot in advance.

  <record>
    <row>
      <source_ip>w.x.y.z</source_ip>
      <count>4</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>fail</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>mydomain.com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>otherdomain-com.20150623.gappssmtp.com</domain>
        <result>pass</result>
        <selector>20150623</selector>
      </dkim>
      <spf>
        <domain>otherdomain.com</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
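
Added example (not part of the original post): a short Python check of identifier alignment for the record quoted above, showing how a raw SPF/DKIM "pass" in auth_results still evaluates to a DMARC "fail" in policy_evaluated when the authenticated domains do not match header_from. The function names and the two-label organizational-domain shortcut are assumptions of this example; real evaluators use the Public Suffix List.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the record from the post (placeholders kept, selector omitted).
RECORD = """<record>
  <row><source_ip>w.x.y.z</source_ip><count>4</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
  </row>
  <identifiers><header_from>mydomain.com</header_from></identifiers>
  <auth_results>
    <dkim><domain>otherdomain-com.20150623.gappssmtp.com</domain><result>pass</result></dkim>
    <spf><domain>otherdomain.com</domain><result>pass</result></spf>
  </auth_results>
</record>"""

def org_domain(name):
    # Assumption: organizational domain = last two labels (no Public Suffix List lookup).
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, header_from):
    # Relaxed alignment: organizational domains must match.
    return org_domain(auth_domain) == org_domain(header_from)

def explain(record_xml):
    """Per mechanism: raw result, alignment with header_from, and DMARC verdict."""
    rec = ET.fromstring(record_xml)
    header_from = rec.findtext("identifiers/header_from")
    out = {}
    for mech in ("dkim", "spf"):
        checks = []
        for node in rec.findall(f"auth_results/{mech}"):
            domain = node.findtext("domain")
            checks.append({"domain": domain,
                           "raw": node.findtext("result"),
                           "aligned": aligned(domain, header_from)})
        # DMARC counts a mechanism only if it passed AND its domain aligns.
        ok = any(c["raw"] == "pass" and c["aligned"] for c in checks)
        out[mech] = {"checks": checks,
                     "dmarc": "pass" if ok else "fail",
                     "reported": rec.findtext(f"row/policy_evaluated/{mech}")}
    return out

if __name__ == "__main__":
    for mech, info in explain(RECORD).items():
        print(mech, info)
```

For both mechanisms the computed verdict matches the reporter's policy_evaluated value: the checks passed for otherdomain.com's identifiers, not for mydomain.com.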