On Fri, 2018-07-20 at 09:30 -0400, Jerry Warner wrote: > Posting it in text just now I see a link for Linkedin. I'll take that as > a clue. OK, did a search of the mail logs for that date. Nothing with > "linkedin" is listed in the logs.
Are they not details an aggregate report from LinkedIn? I thought it was Comcast that sent the report? If that's the IP (24.142.161.51) that was reported having a PERMFAIL on the SPF in the original report you posted, then my money is still on that being caused by your faulty SPF record. Even if that wasn't the IP that had the incorrect entry. > Without knowing something about the email it would be pretty hard to find > it in the server logs. There isn't even a time listed. Aggregate reports are not intended to give that level of detail and forensic reports, which are, are rarely supported because of previously mentioned privacy concerns. A thorough understanding of your mail flow combined with aggregate reports is usually sufficient to see exactly what might be breaking DMARC policy. Using separate selectors for DKIM (e.g. one for service desk emails etc.) can also be a useful strategy to help get more value from aggregate reports. Ken. _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
