Hello, Any idea what the impact of turning on the return-path for autoresponders would be? Colleagues tell me that the hosted mail service (Proofpoint) tells their clients not to use a return-path address for autoresponders because this is the RFC-correct way to do it. We could probably get them to make an exception here, but I'm curious if there is any real world impact to that.
I agree that my customer should ultimately set up DKIM before we set them to DMARC p=reject. They will, but they are an insurance company with an attitude of great caution around change, so it will take a while. It took us about 6 weeks to get them permissions and approvals through their change management process to fix their SPF record, so I was hoping to improve those results while they work on getting DKIM set up. Thanks, everyone! Thanks, Autumn Tyr-Salvia tyrsalvia@gmail atyrsalvia@agari On Mon, Jun 5, 2017 at 2:20 PM, Laura Atkins <la...@wordtothewise.com> wrote: > > > > On Jun 5, 2017, at 1:41 PM, Philip Paeps <phi...@trouble.is> wrote: > > On 2017-06-05 13:32:59 (-0700), Autumn Tyr-Salvia <tyrsal...@gmail.com> > wrote: > > A customer of mine is trying to get DMARC set up on a given domain, and > has set up aligned SPF on their corporate mail server. Unfortunately, we're > seeing an issue, and I'm looking for advice on a resolution. > > When someone sets up an out of office autoresponder on the corporate mail > server, those messages are not configured to use a return-path address. My > understanding is that this is the RFC-correct way to do that. > > Unfortunately, when you do that, SPF evaluation then defaults to the HELO > domain. Since this customer is using a hosted email service provider, the > HELO domain belongs to their email provider and not them, which in turn > kills their alignment. Thus, DMARC failures on all autoresponders. > > Thoughts on the best resolution for something like this? > > > I’d go for an aligned DKIM signature. Or use an actual return-path for the > bounces. > > Put the mail provider's HELO names in your SPF record? The SPF record > should list all the mail servers that send mail on behalf of a domain. > > > That’s not going to help as it’s not in the same organizational space as > the 5322.from. > > laura > > > -- > Having an Email Crisis? 800 823-9674 <(800)%20823-9674> > > Laura Atkins > Word to the Wise > la...@wordtothewise.com > (650) 437-0741 > > Email Delivery Blog: http://wordtothewise.com/blog > > > > > > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > >
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
