Re: [mailop] Sudden spike in Gmail failures ("TempFail – Spam")

Tue, 30 Apr 2024 03:53:44 -0700 

> configure DMARC for syniumsoftware.com to accept subdomain signatures.
Uh... that's not configured in the DMARC policy. The sp= directive states what action to take from subdomains of a domain when a message fails DMARC. See https://datatracker.ietf.org/doc/html/rfc7489#section-6.3 and https://datatracker.ietf.org/doc/html/rfc6376#section-3.10 


On 4/30/24 12:37 PM, Matus UHLAR - fantomas via mailop wrote:
But this may be related to the drop in reputation of Amazon SES IP Space.  Do they offer a dedicated outgoing IP Address that you can try?  It also helps reduce any chance of forgeries..  Eg, smaller SPF footprint, that could have poisoned your reputation.
Am 30.04.2024 um 12:06 schrieb Matus UHLAR - fantomas via mailop <mailop@mailop.org>: 
DKIM should help as well or even better.
_domainkey.newsletter.syniumsoftware.com produces NXDOMAIN which means domain keys don't exist. 

On 30.04.24 12:22, Mendel Kucharzeck via mailop wrote:
Thanks for your response.  DKIM is set up according to the AWS SES documentation.  There are three DKIM records for AWS SES present in the DNS record of syniumsoftware.com :
5tciaamivsdm3um6jda5iawx6dkzl4vv._domainkey.syniumsoftware.com = 5tciaamivsdm3um6jda5iawx6dkzl4vv.dkim.amazonses.com owv4bewgknpmf434mvkczc5hlg3yrflg._domainkey.syniumsoftware.com = owv4bewgknpmf434mvkczc5hlg3yrflg.dkim.amazonses.com ypcsbtqri7hjsoyf55sdheq4elds3ojh._domainkey.syniumsoftware.com = ypcsbtqri7hjsoyf55sdheq4elds3ojh.dkim.amazonses.com
These SEEM to pass validation according to the DMARC reports we’ve received.
Now my question: We’re sending using the Email address newslet...@syniumsoftware.com .  The return-path/MAIL-FROM domain is newsletter.syniumsoftware.com .  I assumed that mail servers will look for the DKIM records at syniumsoftware.com and NOT newsletter.syniumsoftware.com 
.  Am I wrong?
Thanks in advance for any guidance you can provide. Highly appreciate your help.
Well, you are right and I forgot about this, servers may check whichever keys you provide and you can configure DMARC for syniumsoftware.com to accept subdomain signatures. 

However it seems you did the opposite:
_dmarc.syniumsoftware.com. 600  IN      TXT     "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dm...@syniumsoftware.com"; 


_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Reply via email to