I have a DMARC failure case that I can't understand.

DKIM is not in place; my DNS entries are the following:

```
MX mymailserver.com IP_adress_of_my_email_server
TXT mydomain.com v=spf1 mx ~all
TXT _dmarc.mydomain.com v=DMARC1; rua=myemailadress; ruf=myemailadress; p=none; pct=100; fo=1;
```

But I received some failure reports from LinkedIn due to the "Out of office" notification sent automatically to LinkedIn.

The mail header is the following:

```
mail714.prod.linkedin.com; iprev=pass policy.iprev="IP_adress_of_my_email_server"; spf=neutral smtp.mailfrom="" smtp.helo="mymailserver.com"; dkim=none (message not signed) header.d=none; tls=none; dmarc=fail (p=none; dis=none) header.from=mydomain.com
```

From my understanding, this record is compliant with the SPF record and, by the way, should not fail because the MX server is allowed in the SPF.

But I get this failure feedback from LinkedIn:

```xml
  <record>
   <row>
     <source_ip>IP_adress_of_my_email_server</source_ip>
     <count>1</count>
     <policy_evaluated>
       <disposition>none</disposition>
       <dkim>fail</dkim>
       <spf>fail</spf>
     </policy_evaluated>
   </row>
   <identifiers>
     <header_from>mydomain.com</header_from>
   </identifiers>
   <auth_results>
     <spf>
       <domain>mymailserver.com</domain>
       <result>neutral</result>
     </spf>
     <dkim>
       <domain></domain>
       <result>none</result>
     </dkim>
   </auth_results>
  </record>
```

The only hypothesis that I have to explain this is the empty field "smtp.mailfrom" in the mail header.

Have you already encountered this kind of situation? Any ideas?

Many thanks for your help

N Remarck
  • Why are you not giving an SPF `pass` status to your own mail server? – Synchro Aug 16 '17 at 08:19
  • I think it's already the case: the 'mx' in SPF authorizes my server defined in the MX record (my own mail server) – N Remarck Aug 16 '17 at 09:45
  • Well it's not working - you're getting a `neutral` result, not a `pass`. – Synchro Aug 16 '17 at 11:18
  • That's exactly the point. It's defined on the SPF side, but I didn't get a "pass". I suspect this problem occurred because the field "smtp.mailfrom" is empty (seems to be the case when you send an OoO). I didn't get the same result with usual mail. – N Remarck Aug 16 '17 at 11:24
  • So you're not sending through your MX. Backtrack through the IPs listed and see where it's actually being sent from. If it's in a LinkedIn block, you'll need to list the whole block or include their SPF. – Synchro Aug 16 '17 at 11:28
  • The email header shows that the mail is sent from the MX server. `mail714.prod.linkedin.com; iprev=pass policy.iprev="IP_adress_of_my_email_server"; spf=neutral smtp.mailfrom="" smtp.helo="mymailserver.com"; dkim=none (message not signed) header.d=none; tls=none; dmarc=fail (p=none; dis=none) header.from=mydomain.com` – N Remarck Aug 16 '17 at 11:41
  • So if you do a `dig mx mymailserver.com` you get `mail714.prod.linkedin.com`? Have you checked your spf on kitterman.com? – Synchro Aug 16 '17 at 11:47
  • The reply for kitterman.com is qs3710.pair.com. I get "mymailserver.com", which is the correct response. The mail714.prod.linkedin.com is coming from the mail header (it's the server receiving the mail). – N Remarck Aug 16 '17 at 11:54
  • I think I have found the explanation in this post: https://social.technet.microsoft.com/Forums/en-US/9d17cd55-36b0-4d00-8114-d7f1e54fc725/dmarc-test-fails-on-out-of-office-replies-but-not-on-regular-emails?forum=Exch2016MFSM – N Remarck Aug 16 '17 at 12:22
  • That seems to be about altering from addresses, which will break DKIM - but you're not using that. Others can't test anything without your real domain. – Synchro Aug 16 '17 at 12:34
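
An added example, not part of the original posts: when the envelope sender is empty (`smtp.mailfrom=""`, as on the out-of-office reply), SPF is evaluated against the HELO name (RFC 7208), and DMARC only counts a mechanism that returns `pass` for a domain aligned with `header_from`. The sketch below re-evaluates the reported record that way; the function names are hypothetical and `org_domain` is a simplifying assumption (last two labels instead of the Public Suffix List).

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <record> from the question, placeholders kept as-is.
RECORD = """<record>
  <row><source_ip>IP_adress_of_my_email_server</source_ip><count>1</count>
    <policy_evaluated><disposition>none</disposition>
      <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>mydomain.com</header_from></identifiers>
  <auth_results>
    <spf><domain>mymailserver.com</domain><result>neutral</result></spf>
    <dkim><domain></domain><result>none</result></dkim>
  </auth_results>
</record>"""


def org_domain(name):
    # Assumption: the last two labels stand in for the organizational domain;
    # a real evaluator uses the Public Suffix List.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, header_from, strict=False):
    # Relaxed alignment compares organizational domains, strict compares FQDNs.
    if not auth_domain:
        return False
    if strict:
        return auth_domain.lower() == header_from.lower()
    return org_domain(auth_domain) == org_domain(header_from)


def evaluate(record_xml, strict=False):
    """Return per-mechanism DMARC verdicts with the evidence for each."""
    rec = ET.fromstring(record_xml)
    header_from = rec.findtext("identifiers/header_from")
    verdicts = {}
    for mech in ("spf", "dkim"):
        ok, checked = False, []
        for res in rec.findall(f"auth_results/{mech}"):
            domain = (res.findtext("domain") or "").strip()
            result = res.findtext("result")
            is_aligned = aligned(domain, header_from, strict)
            checked.append((domain, result, is_aligned))
            # A mechanism counts only if it passed AND its domain aligns.
            ok = ok or (result == "pass" and is_aligned)
        verdicts[mech] = {"dmarc": "pass" if ok else "fail", "checked": checked}
    verdicts["overall"] = "pass" if any(
        verdicts[m]["dmarc"] == "pass" for m in ("spf", "dkim")) else "fail"
    return verdicts
```

For the reported record, `evaluate(RECORD)` shows SPF checked against `mymailserver.com` with result `neutral` and no alignment with `mydomain.com`, which matches the `<spf>fail</spf>` in `policy_evaluated`.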
