> On Jun 14, 2017, at 8:29 AM, Stefano Bagnara <mai...@bago.org> wrote:
> 
> Recently (a few weeks ago) we started having reports about this warning on Gmail on 
> some notification emails:
> 
> "This may be a spoofed message. Gmail couldn't verify that it was actually 
> sent from your account."
> 
> After a few tests we identified the pattern enabling this error:
> 
> From: <acco...@gmail.com>
> To: <acco...@gmail.com>
> 
> with 
> 
> SPF: PASS
> DKIM: PASS
> DMARC: FAIL (but gmail.com still publishes p=none)
> The message has been sent from our server with our own "mail 
> from"/"return-path" (so SPF and DKIM pass but of course do not align to the 
> gmail domain).

If there’s no alignment, then DMARC fails. That evaluation can be (and is) done 
in the absence of a DMARC p=reject. ISPs have actually been checking alignment 
for a while. 

> If you change the From or the To header to another gmail address (not related 
> to the account) the warning disappears.

Right. The warning is “this came from: your address, to: your address but not 
from gmail’s servers” 

I expect that if you send the same message through gmail, the warning will go 
away. 

> This doesn't look like a DMARC check because the message explicitly says "from 
> your account" so it seems to be a specific message to catch messages with "From" 
> corresponding to the account itself and I checked that it appears only if the 
> "To" header contains the same account.

Right. The issue is - mail is coming from: you to: you and the mail is coming 
from an outside server. There is a LOT of spam out there that uses the same To: 
and From: addresses, so it makes a lot of sense that Gmail would flag that as a 
problem. 

> What do you think is the point of this kind of message, so "narrow" in scope 
> (email from and to the same account, failing DMARC)? This doesn't happen if 
> the From is any other gmail account (while DMARC still fails, of course).

The point is: someone is using the same to: and from: without sending through 
Gmail’s servers. So they’re going to tell you this because it’s something the 
bad guys do. 

laura 

-- 
Having an Email Crisis?  800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741          

Email Delivery Blog: http://wordtothewise.com/blog      
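To make the two points in this reply concrete (DMARC alignment is evaluated regardless of the published policy, and the warning fires only for a self-addressed message that does not align with the From domain), here is a small Python checker. It is an added example, not code from the thread and not Gmail's logic; the message headers are constructed to mirror Stefano's case, the Authentication-Results parsing is a deliberately simplified regex (not a full RFC 8601 parser), and the organizational-domain lookup takes the last two labels instead of consulting the Public Suffix List.

```python
"""DMARC identifier alignment plus the "from: you, to: you, not via your
provider" heuristic discussed in the thread.  Added example with simplified
parsing; not Gmail's implementation."""
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample, modelled on the case in the thread: a self-addressed
# gmail.com message relayed by a third-party server that uses its own domain
# for Return-Path and DKIM, so SPF and DKIM pass but neither aligns.
SAMPLE_MESSAGE = """\
Return-Path: <bounce-42@notify.example.net>
Authentication-Results: mx.google.com; spf=pass smtp.mailfrom=notify.example.net; dkim=pass header.d=notify.example.net
From: Service <account@gmail.com>
To: <account@gmail.com>
Subject: Your notification

Hello.
"""

# Same message but DKIM-signed by gmail.com (as if sent through Gmail): aligns.
ALIGNED_SAMPLE = SAMPLE_MESSAGE.replace("header.d=notify.example.net", "header.d=gmail.com")

# Same unaligned message, but addressed to a different gmail.com mailbox.
OTHER_RECIPIENT = SAMPLE_MESSAGE.replace("To: <account@gmail.com>", "To: <someone.else@gmail.com>")

_SPF_RE = re.compile(r"spf=(\w+)\s+smtp\.mailfrom=([^\s;]+)", re.I)
_DKIM_RE = re.compile(r"dkim=(\w+)\s+header\.d=([^\s;]+)", re.I)


def domain_of(value):
    """Lower-cased domain part of an address, or the value itself if it is a bare domain."""
    return value.rsplit("@", 1)[-1].strip("<>").lower()


def org_domain(domain):
    """Organizational domain as the last two labels.  Assumption: no Public
    Suffix List lookup, so suffixes such as co.uk are not handled."""
    return ".".join(domain.split(".")[-2:])


def aligned(auth_domain, from_domain, mode="relaxed"):
    """DMARC identifier alignment: strict requires an exact match, relaxed
    requires the same organizational domain."""
    if mode == "strict":
        return auth_domain == from_domain
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_evaluate(raw, mode="relaxed"):
    """Evaluate alignment from the header From and the Authentication-Results
    header(s).  DMARC passes when at least one passing mechanism aligns; the
    published policy (p=none/quarantine/reject) only decides what to do after."""
    msg = message_from_string(raw)
    from_domain = domain_of(parseaddr(msg["From"])[1])
    spf_pass = spf_aligned = dkim_pass = dkim_aligned = False
    for ar in msg.get_all("Authentication-Results") or []:
        m = _SPF_RE.search(ar)
        if m and m.group(1).lower() == "pass":
            spf_pass = True
            spf_aligned = spf_aligned or aligned(domain_of(m.group(2)), from_domain, mode)
        m = _DKIM_RE.search(ar)
        if m and m.group(1).lower() == "pass":
            dkim_pass = True
            dkim_aligned = dkim_aligned or aligned(domain_of(m.group(2)), from_domain, mode)
    return {
        "from_domain": from_domain,
        "spf_pass": spf_pass, "spf_aligned": spf_aligned,
        "dkim_pass": dkim_pass, "dkim_aligned": dkim_aligned,
        "dmarc_pass": spf_aligned or dkim_aligned,
    }


def self_addressed_from_outside(raw, mode="relaxed"):
    """The heuristic described in the reply: the From mailbox also appears in
    To, and the message fails DMARC alignment (so it did not come through the
    From domain's own infrastructure)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"])[1].lower()
    recipients = {addr.lower() for _, addr in getaddresses(msg.get_all("To") or [])}
    return sender in recipients and not dmarc_evaluate(raw, mode)["dmarc_pass"]


if __name__ == "__main__":
    for name, raw in (("unaligned", SAMPLE_MESSAGE), ("aligned", ALIGNED_SAMPLE),
                      ("other recipient", OTHER_RECIPIENT)):
        print(name, dmarc_evaluate(raw), "flag:", self_addressed_from_outside(raw))
```

Running it shows the three cases from the thread: the unaligned self-addressed message is flagged, the same message DKIM-signed by gmail.com passes DMARC and is not flagged, and the unaligned message sent to a different gmail.com mailbox still fails DMARC but is not flagged by this heuristic.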
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop