[dmarc-discuss] Amazon email rejected by OpenDMARC but SPF & DKIM are OK

A. Schulze sca at andreasschulze.de
Tue Sep 30 05:29:04 PDT 2014

Arnaud de Prelle via dmarc-discuss:

>   Received-SPF: Pass (icecube.pnzone.net: domain of  
> bounces.amazon.com designates as permitted sender)  
> client-ip=;  
> envelope-from="2014092923KDLU8DNWCC at bounces.amazon.com";  
> helo=a0-150.smtp-out.eu-west-1.amazonses.com;  
> receiver=icecube.pnzone.net; mechanism="include:amazon.com";  
> identity=mailfrom
>   DMARC-Filter: OpenDMARC Filter v1.3.0 icecube.pnzone.net s8TNlnH1021919
>   Authentication-Results: icecube.pnzone.net; dmarc=fail  
> header.from=amazon.fr
>   Authentication-Results: icecube.pnzone.net; dkim=pass
>     reason="1024-bit key; unprotected key"
>     header.d=amazonses.com header.i=@amazonses.com header.b=BOrJMGL0;
>     dkim-adsp=pass; dkim-atps=neutral

looks like you miss "AddAllSignatureResults yes" in opendkim.conf
Without you have only an AR header for amazonses.com but not for .fr

The SPF Result is invisible for opendmarc which result in dmarc=fail
search for a recent discussion about that on opendmarc-users ML


More information about the dmarc-discuss mailing list