DKIM/SPF problem causing lots of DMARC reports

Question

I get messages from "noreply-dmarc-support@google.com" with a DMARC report as follows:

<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
  <report_metadata>
    <org_name>google.com</org_name>
    <email>noreply-dmarc-support@google.com</email>
    <extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info>
    <report_id>---omited---</report_id>
    <date_range>
      <begin>1472169600</begin>
      <end>1472255999</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>mydomain.com</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>reject</p>
    <sp>reject</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>74.201.84.163</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>mydomain.com</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>mydomain.com</domain>
        <result>pass</result>
      </dkim>
      <spf>
        <domain>mydomain.com</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
</feedback>

My spf records are:

v=spf1 mx include:zoho.com -all

(zoho is my mail provider, however they are not technically enough to solve this problem...). If I do an IP lookup of

Source: whois.arin.netIP
Address: 74.201.84.163 (United States)
Name: INAP-SJE-ZOHO-35799
Handle: NET-74-201-84-0-1
Registration Date: 11/30/09
Range: 74.201.84.0-74.201.84.255
Customer: ZOHO Corporation
Customer Handle: C02367412
Address: 5200 Franklin Dr, Suite 115
City: PleasantonState/Province: 
CAPostal Code: 94588
Country: UNITED STATES

And the domain sender163-mail.zoho.com points to the above IP. Which all appear to be in range of my SPF record. I have no idea why I receive these messages because everything seems to be in place...

Could it simply be because you're asking to include `zoho.com`'s SPF record which doesn't exist? — Julie Pelletier, Aug 28 '16 at 14:38
@JuliePelletier: there is an SPF record for zoho.com, see `dig txt zoho.com`: `v=spf1 include:spf2.zoho.com include:spf.zoho.com ~all`. And for `spf.zoho.com` and `spf2.zoho.com` records exist too. — Steffen Ullrich, Aug 28 '16 at 15:23

Steffen Ullrich · Accepted Answer · 2016-08-28T14:41:34.100

3

This is not an error report but an aggregate report you probably requested by providing the appropriate DMARC policy (i.e. setting the rua field). The report shows that both DKIM and SPF check pass for this IP address. For more information about how to read this report and how to request it (or stop it) see How to Read Your First DMARC Reports.

edited Aug 28 '16 at 14:41

answered Aug 28 '16 at 14:31

Steffen Ullrich

184,332
29
363
424

So the report also describes messages without DKIM or SPF problems? I thought only the incorrect ones. – Critical joe Aug 28 '16 at 14:59
@Criticaljoe: the information about this topic are often confusing since in the examples you usually have something fail. But the aggregate report actually includes everything. See also the picture in https://dmarc.org/overview/ where you see that pass, quarantine and reject are all added to the aggregate report. – Steffen Ullrich Aug 28 '16 at 15:21

DKIM/SPF problem causing lots of DMARC reports

1 Answers1