1

I'm trying to enable DMARC.

The problem that I see is that since I use 3rd party companies for marketing emails, DMARC SPF fails for those emails because they put email from their own domain into return path (i.e. bounce email address).

This is what I see in the report:

<row>   
  <source_ip>3rdpartyIP</source_ip> 
  <count>1</count>  
  <policy_evaluated>    
    <disposition>none</disposition> 
    <dkim>pass</dkim>   
    <spf>fail</spf> 
  </policy_evaluated>   
</row>  
<identifiers>   
  <header_from>mydomain.com</header_from>   
</identifiers>  
<auth_results>  
  <dkim>    
    <domain>mydomain.com</domain>   
    <result>pass</result>   
  </dkim>   
  <spf> 
    <domain>3rdparty.domain</domain>    
    <result>pass</result>   
  </spf>    
</auth_results>

I.e. auth_results are fine, but policy_evaluated fails.

So the question is:

Is there any way to check only for DKIM in the DMARC policy?

Thanks, Best regards, Roman

Roman_T
  • 333
  • 1
  • 4
  • 14
  • If you send mail via a third party, then your SPF record needs to be changed to reflect this. – Michael Hampton Oct 01 '16 at 19:33
  • Yes, of course. I've changed SPF record accordingly - that's why auth_results for SPF is "pass". But DMARC policy evaluation shows it as "fail" because return-path address doesn't match my domain. I.e. 3rd party company uses it's own email addresses for return-path. But apparently DMARC only needs SPF OR DKIM to be "pass". And since DKIM evaluation is "pass", whole DMARC result is "pass". That's what I wanted to confirm. – Roman_T Oct 03 '16 at 13:38

1 Answers1

2

What that says is that the <disposition>none</disposition> means it's not rejecting the email based on your DMARC Policy. According to DMARC either your ASPF or ADKIM must pass, in your case the ADKIM passes. So it doesn't take a Reject action against the email, if it said <disposition>reject</disposition> then you have reason to be concerned. There are email testers that will evaluate your ASPF and ADKIM, but you don't have to, because this is a perfectly normal scenario and nothing for you to worry about.

Henry
  • 910
  • 1
  • 5
  • 17