
I have enabled DMARC feedback for my server. I am getting the following messages, in this case from google, but I've gotten similar from att.net, Microsoft and others:

Email Provider: google.com
Report Id: 7844382628123659573
Report Start Date:  2022-08-25 20:00:00
Report End Date:  2022-08-26 19:59:59
Domain: mercureytech.com
<adkim> DKIM Alignment: r Relaxed
<aspf> SPF Alignment: r Relaxed
<p> Public Key: none
<sp> Subdomain Policy: none
<pct> Policy Applies: 100%
Source IP: 24.142.169.11
Email Volume: 1
Policy Disposition: none
DKIM Disposition: fail
SPF Disposition: pass
Header From: mercureytech.com 
DKIM Auth. Domain: mercureytech.com
DKIM Results: fail
DKIM Selector: mercmail
SPF Auth. Domain: mercureytech.com

Note the "DKIM Disposition: fail" and "DKIM Results: fail". Why am I getting this? Third party tools such as dmarcanalyzer.com and others indicate a valid DKIM record and if I examine headers from this domain it says "dkim=pass (1024-bit key) header.d=mercureytech.com header.i=@mercureytech.com"

So why are the DKIM failures being reported on the DMARC reports from these service providers?

12-Sep

OK, I've gathered some information. I've checked your dnsviz.net and the Notice marked "ERROR" which says "The response had an invalid RCODE ..." the servers listed are the name servers of Network Solutions. I've looked up this error and found, "This indicates that the DNS server returned a 'SERVFAIL' error when it attempted to look up the domain in DNS."

Not sure what I could do about this. The domain mercureytech.com is registered with Network Solutions and the server specified in the error (162.159.26.132) is Network Solutions' name server ns23.worldnic.com.

I have a recent gmail DMARC report as of this morning from an email sent yesterday:

Email Provider: google.com
Report Id: 6687317408563956953
Report Start Date:  2022-09-10 20:00:00
Report End Date:  2022-09-11 19:59:59
Domain: mercureytech.com
<adkim> DKIM Alignment: r Relaxed
<aspf> SPF Alignment: r Relaxed
<p> Public Key: none
<sp> Subdomain Policy: none
<pct> Policy Applies: 100%
Source IP: 24.142.169.11
Email Volume: 30
Policy Disposition: none
DKIM Disposition: fail
SPF Disposition: pass
Header From: mercureytech.com 
DKIM Auth. Domain: horeb-wright3.org
DKIM Results: fail
DKIM Selector: horeb
SPF Auth. Domain: mercureytech.com

I don't have what is received at gmail by way of headers, but I also received this message at my server and I suppose the headers should be similar. If not, I can arrange for a message to be also sent to a gmail account I own. The following are the headers I received for this message at my mail server:

From noreply@mercureytech.com  Sun Sep 11 06:00:07 2022
Return-Path: <noreply@mercureytech.com>
Received: from mail.mercureytech.com (rrcs-24-142-169-11.mail.mercureytech.com [24.142.169.11] (may be forged))
        by server.novatec-inc.com (8.15.2/8.15.2) with ESMTPS id 28BA05hp008998
        (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
        for <mfoley@novatec-inc.com>; Sun, 11 Sep 2022 06:00:05 -0400
Authentication-Results: server.novatec-inc.com;
        dkim=fail reason="signature verification failed" (1024-bit key) header.d=horeb-wright3.org header.i=@horeb-wright3.org header.b=oxKZuL5k
Received: from mail.mercureytech.com (localhost [127.0.0.1])
        by mail.mercureytech.com (8.17.1/8.15.2) with ESMTP id 28BA025T020199
        for <mfoley@novatec-inc.com>; Sun, 11 Sep 2022 06:00:04 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=horeb-wright3.org;
        s=horeb; t=1662890404;
        bh=mavbdSeWGydRvJ1XB+84YVwYKuor+lsP2JEciknt0Yk=;
        h=Date:From:To:Subject;
        b=oxKZuL5k1zAhr9bf7mKR6gzH2/a9jA/loJcw+6qgiGEsmCFAydHtrAZdoOzruJqxH
         oV3qMBvs4jHa58pPWrfXfAAF+UCGZ85Jx+J0PAnDapryWT8LltpA6yuaRgCGsVhY1F
         tlv2p+cS/LyJWRGBZfYaNzbKCJUm/C4EzXOpvL80=
Received: (from root@localhost)
        by mail.mercureytech.com (8.17.1/8.17.1/Submit) id 28BA01H9020010
        for mfoley@novatec-inc.com; Sun, 11 Sep 2022 06:00:01 -0400

It says the dkim authentication failed. I'll investigate that as I thought this was working before.

Mark Foley
  • Send the same message that was referred to in the report to some @gmail.com address and show what the headers say on their side? Also, please post the verbatim report, that quoted part seems processed in ways that could be misleading (Why does it say "Public Key" there?). That should clarify things. – anx Sep 05 '22 at 15:09
  • I have a DMARC from this morning, but how do I post it? I can only enter one line in this comment section. What do you mean by "DNS was unreliable"? What did you try? Let me know and I'll investigate. Likewise I can try getting the headers from gmail, but again, how do I post that? – Mark Foley Sep 10 '22 at 18:49
  • By "unreliable" I mean I got a few [SERVFAIL responses](https://dnsviz.net/d/mercureytech.com/YxYMhQ/dnssec/). That by itself would not explain your symptoms.. but imho warrants further checking for inconsistent or malfunctioning dns configuration. E.g. repeatedly retrieving the record directly from the authoritative nameserver, to [confirm if you also occasionally get *incorrect* (claiming no error with zero records in answer where 1 would be correct) responses](https://serverfault.com/questions/1102481/network-solutions-dns-not-always-returning-dkim-and-spf-records). – anx Sep 10 '22 at 22:08

1 Answer


TL;DR: DKIM checks failed because the email signature didn't validate.

Long answer:

Look at the Authentication-Results header:

server.novatec-inc.com;
   dkim=fail reason="signature verification failed" (1024-bit key)
   header.d=horeb-wright3.org header.i=@horeb-wright3.org header.b=oxKZuL5k

Here "signature verification failed" means that DKIM failed because the signature did not validate using the public key loaded from the DNS. The public key was located using the DKIM selector (s=) tag in the DKIM-Signature header, and the signing domain (d=). More specifically, the key was loaded from the DKIM record at horeb._domainkey.horeb-wright3.org.

So to solve this you need to make sure that whatever servers are sending your emails use the private key corresponding to the public key published on the DNS.

Note: even though the DKIM check failed, DMARC did not, because SPF passed.

fvsdpl
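The two points made above (the verifier finds the key at `<s>._domainkey.<d>`, and DMARC still passed because aligned SPF passed) can be checked mechanically against the header and report quoted in the question. The script below is an added example, not code from the answer or the asker: it parses the DKIM-Signature value from the question's headers, derives the DNS name a verifier queries, estimates the key size from the signature length, and evaluates the DMARC outcome from the report record's fields. The sample data is copied from the question; the two-label organizational-domain rule is a simplification (real verifiers use the Public Suffix List) that is assumed to be adequate for the domains in this thread.

```python
import base64
import re

# Constructed sample: the DKIM-Signature value quoted in the question's headers,
# including the folded continuation lines as they appear in the raw message.
DKIM_SIGNATURE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=horeb-wright3.org;\r\n"
    "        s=horeb; t=1662890404;\r\n"
    "        bh=mavbdSeWGydRvJ1XB+84YVwYKuor+lsP2JEciknt0Yk=;\r\n"
    "        h=Date:From:To:Subject;\r\n"
    "        b=oxKZuL5k1zAhr9bf7mKR6gzH2/a9jA/loJcw+6qgiGEsmCFAydHtrAZdoOzruJqxH\r\n"
    "         oV3qMBvs4jHa58pPWrfXfAAF+UCGZ85Jx+J0PAnDapryWT8LltpA6yuaRgCGsVhY1F\r\n"
    "         tlv2p+cS/LyJWRGBZfYaNzbKCJUm/C4EzXOpvL80="
)

# Constructed sample: the per-record fields of the Google aggregate report in the question.
REPORT_RECORD = {
    "header_from": "mercureytech.com",
    "spf_result": "pass", "spf_domain": "mercureytech.com",
    "dkim_result": "fail", "dkim_domain": "horeb-wright3.org",
    "adkim": "r", "aspf": "r",
}


def parse_dkim_tags(header_value):
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376 tag-list).

    Folding whitespace inside values is dropped, which is what a verifier does
    before base64-decoding bh= and b=.
    """
    tags = {}
    for item in header_value.split(";"):
        if "=" not in item:
            continue
        name, value = item.split("=", 1)
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def dkim_key_record_name(tags):
    """DNS name of the TXT record holding the public key: <s>._domainkey.<d>."""
    return "%s._domainkey.%s" % (tags["s"], tags["d"])


def signature_key_bits(tags):
    """Estimate the RSA modulus size from the decoded b= length.

    An RSA signature is exactly as long as the modulus, so 128 bytes means a
    1024-bit key, matching the "(1024-bit key)" note in Authentication-Results.
    """
    return len(base64.b64decode(tags["b"])) * 8


def body_hash_bits(tags):
    """Length of the decoded bh= value; 256 bits is consistent with a=rsa-sha256."""
    return len(base64.b64decode(tags["bh"])) * 8


def organizational_domain(domain):
    """Simplified organizational domain: the last two labels (assumption: good
    enough for the .com/.org names here; real DMARC code uses the Public Suffix List)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def is_aligned(auth_domain, header_from, mode):
    """DMARC identifier alignment: 's' = exact match, 'r' = same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == header_from.lower()
    return organizational_domain(auth_domain) == organizational_domain(header_from)


def dmarc_result(rec):
    """DMARC passes if SPF or DKIM passed *and* that identifier aligns with the From domain."""
    spf_ok = rec["spf_result"] == "pass" and is_aligned(rec["spf_domain"], rec["header_from"], rec["aspf"])
    dkim_ok = rec["dkim_result"] == "pass" and is_aligned(rec["dkim_domain"], rec["header_from"], rec["adkim"])
    return {"spf_aligned_pass": spf_ok, "dkim_aligned_pass": dkim_ok,
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail"}


if __name__ == "__main__":
    tags = parse_dkim_tags(DKIM_SIGNATURE_HEADER)
    print("public key is fetched from TXT record:", dkim_key_record_name(tags))
    print("signature length implies a %d-bit key" % signature_key_bits(tags))
    print("DMARC evaluation of the report record:", dmarc_result(REPORT_RECORD))
    # Same record, but as if the signature had verified: d= still does not align with From.
    print("if the signature verified:", dmarc_result(dict(REPORT_RECORD, dkim_result="pass")))
```

Running it reproduces the answer's `horeb._domainkey.horeb-wright3.org` lookup name and the 1024-bit figure from the Authentication-Results header, and returns `dmarc: pass` for the report record because the SPF identifier aligns. The last line also shows something worth noting from the report fields themselves: with `d=horeb-wright3.org` and `Header From: mercureytech.com`, a DKIM pass would still not be DMARC-aligned under relaxed alignment, so fixing the key pair alone would not make the DKIM column of these reports useful for mercureytech.com mail.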