If the traffic passes thru a filtering gateway in front of the recipient server, SPF will fail. Also, if that gateway modified the Subject, From, or prepends a message about it being, “External” in the body of the message, then DKIM will fail. And in either of the above, DMARC will almost certainly fail.
Long ago, there was a solution put into RFC 822 (yes, ever since then) that would solve this problem at least for the DKIM case, but (almost) nobody uses it. I refer, of course (?) to the Comments header. [cid:image001.png@01DAF568.32AB1E10] Aloha, Michael. -- Michael J Wise Microsoft Corporation| Spam Analysis "Your Spam Specimen Has Been Processed." Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ? From: mailop <mailop-boun...@mailop.org> On Behalf Of Alex Shakhov via mailop Sent: Friday, August 23, 2024 1:35 PM To: mailop@mailop.org Subject: [EXTERNAL] [mailop] DMARC p=reject Interaction with security gateways Hello - We are currently managing several domains that are experiencing spoofing attacks, which led us to implement a p=reject policy. We monitor these domains through Uriports, and while all DKIM/SPF validations pass, exceptions arise with emails routed through security providers such as Cloudflare, Proofpoint, Mimecast, Inky, and others. Is the "reject" disposition simply noise that can be disregarded, with 100% of these emails still being delivered due to the application of the ARC policy? Or do these emails fail to reach their final destination? Any guidance on this would be greatly appreciated!
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
