Terry Zink via dmarc-discuss:
I'm not sure I follow what the problem is.
AFAIK, we send NDRs from postmaster@ and then use the customer's
default domain. Most customers have this set to *.onmicrosoft.com
which they get when they sign up for the service, and then some flip
it to their custom domain. All domains are signed with their
*.onmicrosoft.com by default (after an initial delay), regardless of
whether or not they have configured DKIM.
Hello Terry,
my initial "problem" are DSN messages from a domain with p=quarantine
that don't authenticate by DMARC.
as you say you apply DKIM signatures with *.onmicrosoft.com. For
customers with defaults also the RFC5322.From should be
postmaster@*.onmicrosoft.com. That's fine.
But I see some DSN with
RFC5322.From=<postmaster@${customer}.emea.microsoftonline.com>
And these can't be authenticated by DKIM and SPF fail also because the
EHLO is *.outbound.protection.outlook.com
When you say "NDR" do you mean "non delivery report" ?
I see DSN, positive "delivery status notification". It's technically
the same but maybe handled different somewhere...
Andreas
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
