Tuesday, April 23, 2019

postfix - Interpreting a DMARC report that seems to have conflicting data



I recently implemented DMARC in monitoring mode, in order to begin preparing all the domains I manage. Here is the aggregate report for yesterday. I don't understand why DKIM would evaluate to false under policy_evaluated when DKIM is marked pass under auth_results. This domain (mydomain.io) sent one message yesterday (my own server is the SMTP server) to another domain I manage (myotherdomain.net) whose MX is Google Apps.







google.com
noreply-dmarc-support@google.com
https://support.google.com/a/answer/2466580
xxx711

1469923200
1470009599




my.domain.io
r
r

none


none
100




23.92.28.xx
1

none
fail
pass




mydomain.io



myotherdomain.net
pass


mydomain.io
pass






Answer



It is failing because the domain isn't aligned for DKIM



The calculation of the result in "Policy Evaluated" can be made as follows:





  1. Is the result in "Auth results" Pass?

  2. Is the domain in "Auth results" aligned? That is, is the domain in "Auth results" the same domain on "Policy Published"?



If 1 and 2 are Yes then the result is Pass, otherwise is Fail



In your case, for DKIM #1 is Yes, but #2 is No because the domain on "Policy Published " is "mydomain.io" but the domain reported in the "Auth results" for DKIM is "myotherdomain.net "


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...