On 2023-03-03 at 14:12 +0000, Salvatore Jr Walter P via mailop wrote: > We are in the final stages of migrating our exchange server from 2013 > to 2019. > I found out we had no SPF, DMARC, DKIM etc setup on our domains. > > Trying to get us setup properly and have SPF and DMARC working, DKIM > is another story. > Setup on the server, sent the key to our ISP for the DNS to be added. > Headers show the signature is being included. > > DKIM-Signature: v=1; a=rsa-sha256; d=redacted.gov; s=1; > c=relaxed/relaxed; > t=1677851456; h=from:subject:to:date:message-id;(rest of key) > > > Also from the headers: > > Authentication-Results: inbound.redacted.net; > spf=pass smtp.mailfrom=redacted@ redacted.gov; > dkim=fail header.d= redacted.gov; > dmarc=pass (policy=none; pct=100; status=pass); > arc=none > > Any suggestion where to go from here? We are having all emails > blocked by AT&T, no idea why so trying to get all our ducks in a row > and make sure we are doing everything the “right” way.
Hello Salvatore The Authentication-Results header is added by the receiving server inbound.redacted.net, noting what it found (it considers the email not passing DKIM). Is warwickri.gov the domain you are setting up? Could you share a full, unredacted email with headers? (e.g. a test email sent to a freemail account you own) Regards _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
