On Monday, May 9th, 2022 at 20:35, Alex <mysqlstud...@gmail.com> wrote:
I'm trying to understand why this email from a bank fails DMARC when mxlookup 
says the DMARC record is just fine.
https://pastebin.com/0T4Gjn3v


* 1.8 DMARC_REJECT DMARC reject policy
* 6.0 KAM_DMARC_REJECT DKIM has Failed or SPF has failed on the message
* and the domain has a DMARC reject policy


It also passes SPF and DKIM

On 2022-05-09 at 17:28:59 UTC-0400 (Mon, 09 May 2022 21:28:59 +0000)
Laurent S. <110ef9e3086d8405c2929e34be5b4...@protonmail.ch>
is rumored to have said:
As far as I understand, for DMARC to be valid, the envelope sender address and the header From need to have the same domain.

On 10.05.22 13:53, Bill Cole wrote:
Not so.

One of SPF (using the domain of the envelope sender) or DKIM (using the domain of the signature) must validate AND the domain used in the validation must match the domain of the author identified by the From header.

correct, however:

From: nore...@ess.firstdata.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
        s=6g5c7kdjkv3qjrxjsdzn3325ejghli53; d=ess.firstdata.com;
        t=1652117979;
        h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type;
        bh=gRPH1y61kVZSDVPNuLr2WQo4Q0dpMd1ELWBGEE4Kp8c=;
        b=MHojQsOqw1AZHyOIUQahSlbOQMMfufMtRltQ/Y3RCuYVO628KuErabQFB38mc82y
        XcsgPG5Xl5Mck5OwlsK3vrS2cmVxfbBlgVRm6yzZehHaJ54Jakjqb5psalWNE5YN2Dw
        h1tHFhykima88hgeOzw/KI8y8VidzkeEI/nHOMkk=
Authentication-Results: mail03.example.com (amavisd-new);
        dkim=pass (1024-bit key) header.d=ess.firstdata.com
        header.b="MHojQsOq"; dkim=pass (1024-bit key) header.d=amazonses.com
        header.b="dwNxlXrW"

so the mail looks to be DMARC valid, while SA produces:

 *  6.0 KAM_DMARC_REJECT DKIM has Failed or SPF has failed on the message
 *  and the domain has a DMARC reject policy

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
(R)etry, (A)bort, (C)ancer
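
The alignment rule described in the thread, applied to the headers quoted above; this is an added example, not code from any message in the thread or from SpamAssassin. Assumptions: `org_domain` approximates the organizational domain with the last two labels instead of the Public Suffix List, the local part `sender` is constructed, and the second message is constructed for contrast.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: organizational domain = last two labels. A real evaluator
    # uses the Public Suffix List (needed for suffixes such as co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    # Strict alignment: exact match. Relaxed: same organizational domain.
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if strict else org_domain(a) == org_domain(f)

def dmarc_evaluate(raw_headers, strict=False):
    msg = message_from_string(raw_headers)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    results = []
    for ar in msg.get_all("Authentication-Results", []):
        ar = " ".join(ar.split())  # unfold continuation lines
        for res, dom in re.findall(r"dkim=(\w+)[^;]*?header\.d=([\w.-]+)", ar):
            results.append(("dkim", res, dom.lower()))
        for res, dom in re.findall(
                r"spf=(\w+)[^;]*?smtp\.mailfrom=(?:[^\s;@]*@)?([\w.-]+)", ar):
            results.append(("spf", res, dom.lower()))
    # DMARC passes if ANY mechanism both passed and is aligned with From.
    hits = [(m, d) for m, r, d in results
            if r == "pass" and aligned(d, from_domain, strict)]
    return {"from": from_domain, "aligned": hits,
            "dmarc": "pass" if hits else "fail"}

# Headers from the message quoted in the thread (local part constructed).
THREAD_MSG = """From: sender@ess.firstdata.com
Authentication-Results: mail03.example.com (amavisd-new);
        dkim=pass (1024-bit key) header.d=ess.firstdata.com;
        dkim=pass (1024-bit key) header.d=amazonses.com

"""
# Constructed contrast: only third-party domains authenticate.
UNALIGNED_MSG = """From: sender@ess.firstdata.com
Authentication-Results: mail03.example.com;
        spf=pass smtp.mailfrom=bounce@amazonses.com;
        dkim=pass header.d=amazonses.com

"""

if __name__ == "__main__":
    for name, raw in (("thread", THREAD_MSG), ("unaligned", UNALIGNED_MSG)):
        print(name, dmarc_evaluate(raw))
```

The first message evaluates to a DMARC pass on the aligned `ess.firstdata.com` signature alone; the `amazonses.com` signature passes DKIM but contributes nothing to DMARC.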
