Re: [mailop] Does iCloud accept forwards?

[Bill Cole via mailop]

On 2024-05-16 at 23:40:57 UTC-0400 (Thu, 16 May 2024 20:40:57 -0700)
Mark Fletcher via mailop 
is rumored to have said:

Does the above mean that the message we sent was forwarded on from 
siark.com

to an iCloud address?


Yes. That's a SRS address. Invented and deployed to preserve viability 
of forwarding in the face of SPF.



If that's true, the envelope from and the message
from are domains other than groups.io, so why would they associate any
authentication failures to us (and start deferring email from us)?


Incompetence?


Just from the DKIM header?


That's the only obvious source, but you'd have to find out from them. 
Whatever they are doing is wrong.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com 
addresses)

Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Does iCloud accept forwards?

[John Levine via mailop]

It appears that Mark Fletcher via mailop  said:
>Can you please have your email administrators check your SPF / DKIM
>>  settings and ensure that mail sent from your domain has valid DMARC
>> signatures in accordance with the DMARC policies that you have defined for
>> your domain.
>
>As you can see we are not able to validate your SPF and DKIM records:
>
>> < Dkim :dkim=fail reason="signature verification failed" (2048-bit key)
>> header.d=groups.io header.i=@groups.io header.b=Y9CUx0w1>

Something is strange there. I get lots of mail from groups.io and it
all has valid DKIM signatures. They also rewrite From: headers to
avoid overeager DMARC policies.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Does iCloud accept forwards?

[Mark Fletcher via mailop]

Hi All,

ICloud started deferring a lot of Groups.io email this afternoon, so I
contacted their postmaster address. They responded promptly. I am just a
simple unfrozen caveman lawyer, and I'm not sure I understand what's going
on. I'm hoping someone might be able to help (Groups.io is an email group
hosting service, similar to Google Groups).

The relevant part of their response is as follows:

Can you please have your email administrators check your SPF / DKIM
>  settings and ensure that mail sent from your domain has valid DMARC
> signatures in accordance with the DMARC policies that you have defined for
> your domain.
>

As you can see we are not able to validate your SPF and DKIM records:
>


> < Dkim :dkim=fail reason="signature verification failed" (2048-bit key)
> header.d=groups.io header.i=@groups.io header.b=Y9CUx0w1>
>


> SPf:timestamp="May 16 23:14:05" lvl="5" thread="2612246/1"
> uuid="caa009c7-e0a1-4d83-a0da-97716659a01f" Insert header
>  SRS0=b6ba=mt=groups.io=bounce+redac...@siark.com does not designate
> permitted sender hosts) smtp.mailfrom="SRS0=b6ba=mt=groups.io=
> bounce+redac...@siark.com">>


We did in fact send an email group message, at this time, to someone at @
siark.com, with the "bounce+REDACTED" envelope from, except that our
envelope from was from groups.io and didn't have the "SRS0=b4ba=mt=groups.io="
prefix. The message was sent to the group from a msn.com address. For group
messages, we replace any incoming DKIM header with our own. For this
particular email, we kept the original From line, originating from @msn.com,
because msn.com's DMARC record is p=none. The siark.com recipient has been
a member of this group since 2020.

Does the above mean that the message we sent was forwarded on from siark.com
to an iCloud address? If that's true, the envelope from and the message
from are domains other than groups.io, so why would they associate any
authentication failures to us (and start deferring email from us)? Just
from the DKIM header?

Thanks,
Mark
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop