[dmarc-discuss] who is wrong: google or opendmarc?

Andreas Schulze sca at andreasschulze.de
Wed Jul 17 03:22:01 PDT 2013


Hallo,

I got a message from an ESP. opendmarc marked it as not passing dmarc:

> From: Zalando-Lounge <newsletter at service3.zalando-lounge.de>
> Authentication-Results: mta.example.org; dmarc=fail  
> header.from=service3.zalando-lounge.de
> Authentication-Results: mta.example.org; dkim=pass
>          reason="1024-bit key; unprotected key"
>          header.d=service3.zalando-lounge.de  
> header.i=newsletter at service3.zalando-lounge.de
>          header.b=CoXLl/BB; dkim-adsp=pass; dkim-atps=neutral
> Authentication-Results: mta.example.org;
>          spf=pass smtp.mailfrom=<test at e3.emarsys.net>  
> smtp.helo=pmta43117.emarsys.net

I contacted the sender. He presented header from gmail. They marked  
such mails with dmarc=pass:
> Received: from pmta43113.emarsys.net (pmta43113.emarsys.net.
>     [91.211.243.113]) by mx.google.com with ESMTP id  
> z8si4213575eee.359.2013.07.16.23.28.46
>     for <emarsys at gmail.com>; Tue, 16 Jul 2013 23:28:46 -0700 (PDT)
> Received-SPF: pass (google.com: domain of test at e3.emarsys.net
>     designates 91.211.243.113 as permitted sender)
>     client-ip=91.211.243.113;
> Authentication-Results: mx.google.com;
>     spf=pass (google.com: domain of test at e3.emarsys.net designates
>     91.211.243.113 as permitted sender) smtp.mail=test at e3.emarsys.net;
>     dkim=pass header.i=test at service3.zalando-lounge.de;
>     dmarc=pass (p=REJECT dis=NONE) d=service3.zalando-lounge.de

$ dig _dmarc.service3.zalando-lounge.de txt +short
"v=DMARC1\; p=reject\; adkim=s\; aspf=r\; rf=afrf\; pct=100\;"

dkim is aligned in strict mode, spf does not match so it's not aligned.

I found a message from Franck  
(http://www.dmarc.org/pipermail/dmarc-discuss/2012-August/001310.html)
"As long as one authentication mechanism passes and is aligned then  
DMARC passes"

But here relaxed spf alignment is expilicit requested...

Who is wrong?

Andreas



More information about the dmarc-discuss mailing list