Gmail does not require DKIM for DMARC. Using only SPF works according to the spec.
If people really want to shoot themselves in the foot by only using SPF with DMARC, we let them. If you don't have the dmarc reject, you can see the messages that are delivered and see the AuthRes headers to see what we thought of the message. All things being equal, I'd guess it's alignment... actually, not only is it alignment, but you're sending from a sub-domain, which for SPF requires that there is an SPF record on the sub-domain (there is no look at the higher domain like with DMARC). Google will calculate a "zone" SPF in this case, but that fallback isn't used for DMARC because that's not part of the spec. Brandon On Tue, Jun 2, 2020 at 8:08 AM Benoit Panizzon via mailop <mailop@mailop.org> wrote: > Hi Gang > > I'm on the way of more widely deploying DMARC and also testing DKIM > once again. Also on our ISP email service domains. > > So at the moment I'm only using DMARC with SPF. According to my > reading on how DMARC works, if no DKIM record is published, a passing > SPF record is sufficient for authentication. > > But as soon as I set p=reject Gmail is rejecting all emails: > > <xxxxxxxxx>: host aspmx.l.google.com[2a00:1450:4013:c04::1a] said: > 550-5.7.26 Unauthenticated email from imp.ch is not accepted due to > domain's 550-5.7.26 DMARC policy. Please contact the administrator of > imp.ch domain if 550-5.7.26 this was a legitimate mail. Please visit > 550-5.7.26 https://support.google.com/mail/answer/2451690 to learn > about > the 550 5.7.26 DMARC initiative. i4si1617970edq.200 - gsmtp (in reply > to > end of DATA command) > > imp.ch descriptive text "v=spf1 ip6:2001:4060::/32 ip4:157.161.0.0/16 ip4: > 217.173.238.128/27 ip6:2a00:ec0:1::/64 -all" > > _DMARC.imp.ch descriptive text "v=DMARC1; p=none; rua=mailto: > dmarc-rep...@imp.ch; ruf=mailto:dmarc-rep...@imp.ch; aspf=s" > (reverted to p=none) > > That email was sent from: 2001:4060:1:1002::139:139 which passes SPF. > > Any idea what is going wrong? Is Gmail's DMARC implementation broken > and REQUIRES DKIM violating RFC? > > Mit freundlichen Grüssen > > -Benoît Panizzon- > -- > I m p r o W a r e A G - Leiter Commerce Kunden > ______________________________________________________ > > Zurlindenstrasse 29 Tel +41 61 826 93 00 > <+41%2061%20826%2093%2000> > CH-4133 Pratteln Fax +41 61 826 93 01 > <+41%2061%20826%2093%2001> > Schweiz Web http://www.imp.ch > ______________________________________________________ > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
