I'm attempting to use Gmail's feedback loop and have run into some
issues that I was hoping to get some input on. I suspect that the issues
are related to using different domains for SPF and DKIM authentication.
The first issue is that both the "Spam Rate", and "Feedback Loop Spam
Rate" are shown as 0 for a domain that is DKIM signing the messages. The
volume is high enough (millions of messages per day) and lots of opens
are generated -- I would expect to see at least some complaints.
Each message is DKIM signed twice.
The d= domain of the first signature is the domain that appears in the
From address header.
The d= domain of the second signature is a domain that we setup solely
for the purpose of making registering for Google Postmaster Tools easier.
There are hundreds of DKIM keys being used for the first d= domain, most
of which have their DNS managed by customers. Instead of registering
each of the existing DKIM key domains with Google, we dedicated a domain
to DKIM signing and registered it with Google. That domain has both DKIM
and SPF configured (as required for the Gmail Feedback Loop). We are
using different domain names in the Return-Path of the messages, so this
domain should not be involved in SPF authentication.
The "Spam Rate" and "Feedback Loop Spam Rate" are both 0 for second d=
domain.
The second issue is this: If I go to the Authentication page of Google
Postmaster Tools, if I look at the second d= domain, I see a 100% DKIM
success rate and a 0% SPF success rate.
The SPF success rate should not be zero: we do have some customers that
have setup their own custom return-path domain names, and it's
conceivable that some of them have broken SPF records, but those are the
exception, not the rule. If I send a test message to a Gmail account,
Gmail shows both DKIM and SPF as passing.
By contrast, another, low volume domain is having Spam Rate data logged,
and is showing 100% DKIM and SPF success rates. The thing that sticks
out at me as being different about this lower volume domain is that the
same domain name is being used for both DKIM and SPF.
The best guess I can come up with based on all of the above is that
Google Postmaster Tools requires that DKIM and SPF authentication be
performed using the same domain. However, I don't see this in the
documentation for the Gmail Feedback Loop. Is this the case, or does it
sound like I'm running into something else?
Any input would be appreciated.
Thanks,
Matt
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
