Thank you for catching that error in the SPF. I've now fixed that however I don't think that was the problem as that's not the IP address the message was sent from. No other emails from the server in question have failed. It's either a specific email, or it's a specific ISP (Comcast is the only place that sends me a fail). I see a permerror under the record/auth_results/spf/result but I don't know what that means. This is also the only place it shows as a fail.
I see this happened on the 14th, a Saturday. Our offices are closed on Saturday so it's unlikely anyone would have been sending an email, at least not from the office. Several of us send from phones over the weekend but it's still using the office mail server to send.
At 05:02 PM 7/19/2018, Todd Weltz wrote:
An email passes DMARC for SPF if:
1. SPF check of the Mail From domain passes*
2. The Mail From domain and the From domain are in alignment (same organizational domain)
So, either
the Mail From was your domain and when SPF was checked it didn't pass, so there's something out of whack with the record
OR
the Mail From didn't match the From (Misaligned)
The RUA reports will identify the Mail From and the SPF Result for that Mail From, so you would know if it is misaligned, or if it was aligned and the SPF check itself failed.
Please note that you have a bad entry in you SPF (assuming you are talking about cds.com) and it could be as simple as that. If it was that IP that the mail came from it would definitely be a factor. Even if it was an item listed earlier in the record, some systems may just fail it out for having a bad record.
a:162.219.65.64 should be listed as ip4:162.219.65.64
Cheers!
On Thu, Jul 19, 2018 at 4:34 PM, Zack Aab via dmarc-discuss <dmarc-discuss@dmarc.org > wrote:
- You can request Forensic Reports for exactly this reason using "ruf=" tag. This function is intended to essentially return a single-email-specific report for every single email that fails DMARC, but many (maybe even most) ISPs don't return Forensic Reports in the interest of the privacy of their users.
- My best,
- Zack Aab
Zack Aab | Senior Deliverability Strategist
- M: 706.870.1061
- Inbox Pros | 678.214.3739
- 1995 North Park Place I Suite 300 | Atlanta, GA 30339Â Â
- On Thu, Jul 19, 2018 at 4:04 PM, Jerry Warner via dmarc-discuss <dmarc-discuss@dmarc.org > wrote:
- Is there a way to get additional details about a rejected email?  I set my SPF record to quarantine after running in test mode for a while and having no problems.  I've continued to watch the reports and all the valid emails were getting through, while the others were not. Perfect.  And then today, I see a record that failed, but it WAS from my server's IP so I assume it was a valid email.
- Is there some way to get more details about the message so I can take a look to see why it's failed?  I don't see anything in the reports that helps me identify who, when, or what email it was.
- _______________________________________________
- dmarc-discuss mailing list
- dmarc-discuss@dmarc.org
- http://www.dmarc.org/mailman/listinfo/dmarc-discuss
- NOTE: Participating in this list means you agree to the DMARC Note Well terms ( http://www.dmarc.org/note_well.html)
- _______________________________________________
- dmarc-discuss mailing list
- dmarc-discuss@dmarc.org
- http://www.dmarc.org/mailman/listinfo/dmarc-discuss
- NOTE: Participating in this list means you agree to the DMARC Note Well terms ( http://www.dmarc.org/note_well.html)
--
Todd Weltz, Software Developer
twe...@agari.com  l M: 416.471.8633 l www.agari.com
Changing Email Security For Good
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
