Please bottom post on this list (and see below) On 28 December 2017 at 07:05, Poliman - Serwis <ser...@poliman.pl> wrote: > For particular domain from report dkim works well. I checked it here > http://dkimcore.org/c/keycheck. Mails from this domain are sent by > s1.domain.net server. Should be dkim configured for domain name of the > server which corresponds to IP mentioned earlier? > > 2017-12-28 7:46 GMT+01:00 Poliman - Serwis <ser...@poliman.pl>: >> >> All is clear but how setup dmarc per IP address of the server if dmarc is >> based on spf and dkim which are based on particular domain? >> >> 2017-12-27 10:37 GMT+01:00 Dominic Raferd <domi...@timedicer.co.uk>: >>> >>> On 27 December 2017 at 07:22, Poliman - Serwis <ser...@poliman.pl> wrote: >>> > I configured yesterday spf, dkim, dmarc for example.com. Today I got >>> > report >>> > in xml on my mailbox. Attached. One from addresses has dkim failed - >>> > marked >>> > in orange...
Setting spf should not be necessary if you are setting a dkim header correctly in all the outgoing emails for the domain in question. Indeed I would go further and say that setting an spf DNS record for your domain is inadvisable when testing dmarc because it can mask underlying dkim problems. In order to pass dmarc alignment testing, opendkim needs to insert into the outgoing email a dkim header with a signing domain (d=) matching the domain in the internal 'From:' header. The server name or ip that it has come from is irrelevant for dkim. If your mail passes dkim check-summing and dkim alignment when tested at its destination for dmarc, it will pass overall regardless of any spf (and vice versa).
