Very common Edward. You’ll also see this when you email distribution lists or when people have forwarding rules setup on their inboxes. These are situations where DKIM is required for a successful DMARC validation.
Best, Randal https://redsift.com > On 17 Nov 2018, at 18:32, Edward Siewick via dmarc-discuss > <dmarc-discuss@dmarc.org> wrote: > > ------------------------------------------- > Authentication: pass > Contents: pass > Trust: warn > ------------------------------------------- > * Message scanned by OnINBOX from Red Sift * > > > I'm requesting insights on an oddity in impacting the Source IP appearing in > received RUA reports. > > A university receiving my organization's emails is sending RUAs that identify > the university's own mailhosts as the Source IP for the messages. The DKIM > domain reflects my organization's named domains. Their explanation is that > the mail is being forwarded internally from an external facing AWS-hosted > mailhost to a gmail service that handles their end user mailboxes. > > The resulting records in the RUA reports look rather hinky to me. I have an > opportunity to discuss the matter with the university's software engineer > responsible for this. So insights on whether RUAs with other than the true > original Source IP is commonplace would be helpful. > > Edward > > -- > > > _______________________________________________ > dmarc-discuss mailing list > dmarc-discuss@dmarc.org > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html) -- Red Sift is the power behind OnDMARC You can find us at 20 Air Street, 4th Floor at Wayra, London, W1B 5AN Red Sift is a limited company registered in England and Wales. Registered number: 09240956. Registered office: Kemp House, 152 City Road, London, EC1V 2NX. _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
