Moin, tl;dr: Could someone do https://email-security-scans.org from meta.com, storing mails on the server and sharing the link with me to help me debug a deliverability issue?
I just got a report in that a user's mail bounced when writing from '@meta.com' to an alias on a domain I operate, which forwards to a third party hosting on zoho.com. The NDR is for a DMARC reject; In my logs, I see that: - ARC verification already failed on inbound with a bh mismatch - DKIM seems to have passed, though, at least according to the logs (with a selector hinting at it being for Q4 2021) zoho.com then rejects with "550 5.7.1 Email rejected per DMARC policy" Given that SPF obviously fails, the question is why DMARC does no longer validate when hitting zoho.com; I currently suspect that there was either a tmp-error for the lookup of the DKIM key, or that meta/outlook.com signs some headers that may be affected during a normal forward. Also, there are no issues with other DKIM signing p=reject domains being forwarded via the setup. To help me debug this; Is there anyone from meta / with an account under meta.com on the list who could do a test on https://email-security-scans.org (ideally checking the 'store my mails' checkbox)? (Already asked into the direction of the user as well, but this is a multi-hop conversation through a user of mine; And it somewhat bugs me and i'd like to resolve this asap. ;-)) With best regards, Tobias -- Dr.-Ing. Tobias Fiebig T +31 616 80 98 99 M tob...@fiebig.nl _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
