I'm not sure I follow what the problem is. AFAIK, we send NDRs from postmaster@ and then use the customer's default domain. Most customers have this set to *.onmicrosoft.com which they get when they sign up for the service, and then some flip it to their custom domain. All domains are signed with their *.onmicrosoft.com by default (after an initial delay), regardless of whether or not they have configured DKIM.
From: dmarc-discuss [mailto:dmarc-discuss-boun...@dmarc.org] On Behalf Of A. Schulze via dmarc-discuss Sent: Thursday, December 21, 2017 5:25 AM To: dmarc-discuss@dmarc.org Subject: Re: [dmarc-discuss] DSN from microsoftonline.com Am 21.12.2017 um 02:03 schrieb Roland Turner via dmarc-discuss: Hello Roland, > Have you explored whether the organisations whose DSNs are failing DMARC also > have the rest of their email failing DMARC? at least I didn't have seen messages from those organisations with non empty RFC5231.MailFrom > The use of the ${customer}.onmicrosoft.com domain to sign is consistent with > domains for which DKIM signing hasn't been turned on. (It could also be a > DSN-handling bug of course.) Ah! maybe Terry can have a look at this! Andreas
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)