On 14 July 2017 at 16:21, @lbutlr <krem...@kreme.com> wrote: > On 13 Jul 2017, at 15:05, Dominic Raferd <domi...@timedicer.co.uk> wrote: > > On 13 July 2017 at 21:06, @lbutlr <krem...@kreme.com> wrote: > > > > I forward mail to a gmail user, but there are a lot of bounces from > gmail. I don't honestly care about the ones that google says are spam, but > recently I'm also getting DMARC failures on Facebook mails. > > > > Again, not critical, but a bit annoying. > > > > The only thing that I can think to do is disable the forwarding and tell > the user to grab mail via POP3, but that means enabling POP3 which I'd > rather not do. Gmail does not, IFAIK, allow you to combine your mail with > another IMAP account. > > > > Any other ideas? > > > > If you use openDMARC on your own server then rejections by an onward > mailserver (e.g. Gmail) on the grounds of DMARC failure should only occur > when the sender has p=reject DMARC policy and is relying on SPF without > DKIM (or with bad DKIM). > > I have to say, I'd be surprised if this is was Facebook was doing, but I > haven't even looked at DMARC for myself. It's just a milter, yes? And > required DKIM? >
It's a milter, and runs after the opendkim milter. I haven't seen such behaviour by Facebook, only a few (not all) marketing emails from Tesco (UK supermarket chain) and a few (again, not all) from Her Majesty's Revenue and Customs (go figure). Most senders with p=reject DMARC policies understand how to use DKIM and do so. > > My solution for such cases - which are few - is to trap the DMARC > failure message from Gmail and then resend the original email as an > attachment. > > Automated? Or is that something you do manually? Yes I have it automated