Wednesday, May 2, 2018

domain name system - Can I use DMARC if SPF fails




I'm trying to enable DMARC.



The problem that I see is that since I use 3rd party companies for marketing emails, DMARC SPF fails for those emails because they put email from their own domain into return path (i.e. bounce email address).



This is what I see in the report:



   
  3rdpartyIP 
  1  
      

    none 
    pass   
    fail 
     
  
   
  mydomain.com   
  
  
      

    mydomain.com   
    pass   
     
   
    3rdparty.domain    
    pass





I.e. auth_results are fine, but policy_evaluated fails.



So the question is:



Is there any way to check only for DKIM in the DMARC policy?



Thanks,
Best regards,

Roman


Answer



What that says is that the none means it's not rejecting the email based on your DMARC Policy. According to DMARC either your ASPF or ADKIM must pass, in your case the ADKIM passes. So it doesn't take a Reject action against the email, if it said reject then you have reason to be concerned. There are email testers that will evaluate your ASPF and ADKIM, but you don't have to, because this is a perfectly normal scenario and nothing for you to worry about.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...