[dmarc-discuss] who is wrong: google or opendmarc?

Andreas Schulze sca at andreasschulze.de
Wed Jul 17 03:22:01 PDT 2013


I got a message from an ESP. opendmarc marked it as not passing dmarc:

> From: Zalando-Lounge <newsletter at service3.zalando-lounge.de>
> Authentication-Results: mta.example.org; dmarc=fail  
> header.from=service3.zalando-lounge.de
> Authentication-Results: mta.example.org; dkim=pass
>          reason="1024-bit key; unprotected key"
>          header.d=service3.zalando-lounge.de  
> header.i=newsletter at service3.zalando-lounge.de
>          header.b=CoXLl/BB; dkim-adsp=pass; dkim-atps=neutral
> Authentication-Results: mta.example.org;
>          spf=pass smtp.mailfrom=<test at e3.emarsys.net>  
> smtp.helo=pmta43117.emarsys.net

I contacted the sender. He presented header from gmail. They marked  
such mails with dmarc=pass:
> Received: from pmta43113.emarsys.net (pmta43113.emarsys.net.
>     []) by mx.google.com with ESMTP id  
> z8si4213575eee.359.2013.
>     for <emarsys at gmail.com>; Tue, 16 Jul 2013 23:28:46 -0700 (PDT)
> Received-SPF: pass (google.com: domain of test at e3.emarsys.net
>     designates as permitted sender)
>     client-ip=;
> Authentication-Results: mx.google.com;
>     spf=pass (google.com: domain of test at e3.emarsys.net designates
> as permitted sender) smtp.mail=test at e3.emarsys.net;
>     dkim=pass header.i=test at service3.zalando-lounge.de;
>     dmarc=pass (p=REJECT dis=NONE) d=service3.zalando-lounge.de

$ dig _dmarc.service3.zalando-lounge.de txt +short
"v=DMARC1\; p=reject\; adkim=s\; aspf=r\; rf=afrf\; pct=100\;"

dkim is aligned in strict mode, spf does not match so it's not aligned.

I found a message from Franck  
"As long as one authentication mechanism passes and is aligned then  
DMARC passes"

But here relaxed spf alignment is expilicit requested...

Who is wrong?


More information about the dmarc-discuss mailing list