Hi Bill, you misunderstood the question.
Both messages (the first one and the one from Mailchimp) fails DMARC as both are sending with a gmail.com in the From and of course they both fail DMARC. BUT, the one from Mailchimp is not classified as dangerous, while the first one is classified dangerous. We (a small italian ESP) sends email for "gmail.com" senders and, like Mailchimp, we have no problem reaching inbox (or Promotions) with DMARC failing and we see not "dangerous" warning on our "dmarc failing" email. Like Brandon wrote in another comment, it probably change the behaviour depending on reputations (dkim domain reputation/ip reputation). Once Gmail.com will move to quarantine or reject then Mailchimp (and others) will start altering the From and only use the gmail.com address in the Reply-to, like they (and we) are already doing for yahoo.com (and other) senders. Stefano On Thu, 2 Aug 2018 at 00:26, Bill Cole <mailop-20160...@billmail.scconsult.com> wrote: > > On 1 Aug 2018, at 10:34 (-0400), Emanuel Gonzalez wrote: > > > Hello, thanks for the reply. I never had problems until today. > > > > > > Here the mailchimp header: > > [...] > > ARC-Authentication-Results: i=1; mx.google.com; > > dkim=pass header.i=@mail213.atl171.mcdlv.net header.s=k1 > > header.b=eLWpUpKv; > > dkim=pass header.i=@gmail.mcsv.net header.s=k1 > > header.b=Tv6+avr7; > > spf=pass (google.com: domain of > > bounce-mc.us15_75091638.537013-emawata=gmail....@mail213.atl171.mcdlv.net > > designates 198.2.138.213 as permitted sender) > > smtp.mailfrom="bounce-mc.us15_75091638.537013-emawata=gmail....@mail213.atl171.mcdlv.net"; > > dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) > > header.from=gmail.com > > That's a DMARC fail because your "From:" is not aligned to any DKIM > signature. > > [...] > > Authentication-Results: mx.google.com; > > dkim=pass header.i=@mail213.atl171.mcdlv.net header.s=k1 > > header.b=eLWpUpKv; > > dkim=pass header.i=@gmail.mcsv.net header.s=k1 > > header.b=Tv6+avr7; > > spf=pass (google.com: domain of > > bounce-mc.us15_75091638.537013-emawata=gmail....@mail213.atl171.mcdlv.net > > designates 198.2.138.213 as permitted sender) > > smtp.mailfrom="bounce-mc.us15_75091638.537013-emawata=gmail....@mail213.atl171.mcdlv.net"; > > dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) > > header.from=gmail.com > > That's a DMARC fail because your "From:" is not aligned to any DKIM > signature. > > > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=k1; > > d=mail213.atl171.mcdlv.net; > [...] > > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=k1; > > d=gmail.mcsv.net; > [...] > > Those signatures (both done by MailChimp) will only align to a From > header address in one of those 'd=' domains. > > [...] > > From: Emanuel <emaw...@gmail.com> > > That does not align to any signature, so DMARC fails. > > > But wait! There's MORE! > > > Sender: Emanuel <emawata=gmail....@mail213.atl171.mcdlv.net> > > If that address had been in the From header, the message might have > passed DMARC, because it aligns with a signature. > > If you want DMARC to work for your mail, use a From header for which you > (or your ESP) can legitimately create a DKIM signature. > If you want undefined and inscrutably random behavior by receivers based > on your DKIM signatures, make sure they don't align to your From header > and so cannot pass DMARC. > > -- > Bill Cole > b...@scconsult.com or billc...@apache.org > (AKA @grumpybozo and many *@billmail.scconsult.com addresses) > Currently Seeking Steadier Work: https://linkedin.com/in/billcole > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- Stefano Bagnara Apache James/jDKIM/jSPF VOXmail/Mosaico.io/VoidLabs _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
