On Fri, Dec 19, 2014 at 10:51:40AM -0500, James B. Byrne wrote:
> On Fri, December 19, 2014 05:22, Jose Borges Ferreira wrote:
> > Hi all,
> >
> > You must fully understand the implications of having a DMARC policy
> > other than p=none. The use of DMARC protected domains in Mailing
> > lists like this may have undesired effects. This is a generic warning.
>
> The email in question was sent directly from a user in our domain to a mailbox
> in the aol.com. MLMs were not involved. I am aware of the difficulties with
> DMARC and MLMs from painful personal experience.
>
> Review of the maillogs this morning indicates that AOL is accepting mail from
> our domain without complaint. So, either there was something specific to the
> addressee's address or AOL experienced some transient issue with our domain.

Your domain is DNSSEC-signed via the ISC DLV, which is sub-optimal,
given that the "ca" TLD supports DNSSEC.

    http://dnsviz.net/d/harte-lyne.ca/dnssec/

If your registrar does not support publishing "DS" records under
"ca.", I would find another registrar.

Your MX RRset has a very fresh 30-day signature, coincidence?

    $ dig -t mx harte-lyne.ca
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37087
    ;; flags: qr rd ra cd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

    ;harte-lyne.ca. IN MX
    harte-lyne.ca. MX 30 inet08.hamilton.harte-lyne.ca.
    harte-lyne.ca. MX 40 inet18.mississauga.harte-lyne.ca.
    harte-lyne.ca. MX 50 inet04.mississauga.harte-lyne.ca.
    harte-lyne.ca. MX 70 mx70.harte-lyne.ca.
    harte-lyne.ca. MX 90 mx90.harte-lyne.ca.
    harte-lyne.ca. RRSIG MX 8 2 172800 20150118062039 20141219062039
                   1410 harte-lyne.ca. <sig-bits>

Could there have been problems with signature freshness at the
time? Perhaps AOL is using a validating resolver that queries the
ISC DLV?

--
Viktor.
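
Added example, not part of the original message: a Python check of the RRSIG validity window quoted in the dig output above, showing how a validating resolver's clock relates to the inception and expiration fields. The probe times and the skew parameter are constructed for illustration; the thread does not state when the rejected mail was sent.

```python
from datetime import datetime, timedelta, timezone

# RRSIG line as shown in the dig output above (signature bits elided there;
# they are not needed for a timing check).
RRSIG_LINE = ("harte-lyne.ca. RRSIG MX 8 2 172800 20150118062039 "
              "20141219062039 1410 harte-lyne.ca. <sig-bits>")


def _ts(field):
    """Parse an RRSIG time in YYYYMMDDHHmmSS presentation form (always UTC)."""
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def parse_rrsig(line):
    """Extract the timing-relevant fields from a presentation-format RRSIG."""
    f = line.split()
    i = f.index("RRSIG")
    covered, _alg, _labels, ttl, expire, incept, tag, signer = f[i + 1:i + 9]
    return {"covered": covered, "signer": signer, "key_tag": int(tag),
            "original_ttl": int(ttl),
            "inception": _ts(incept), "expiration": _ts(expire)}


def check_window(sig, now, skew=timedelta(0)):
    """Classify `now` against the validity window; `skew` is the clock
    tolerance a validator is assumed to allow on either side."""
    if now + skew < sig["inception"]:
        return "not-yet-valid"
    if now - skew > sig["expiration"]:
        return "expired"
    return "valid"


def lifetime_days(sig):
    """Length of the validity window in days."""
    return (sig["expiration"] - sig["inception"]).total_seconds() / 86400


if __name__ == "__main__":
    sig = parse_rrsig(RRSIG_LINE)
    print("window: %s .. %s (%.0f days)" % (
        sig["inception"], sig["expiration"], lifetime_days(sig)))
    # Constructed probe times; the page does not say when the bounce occurred.
    for probe in ("20141219050000", "20141219100000", "20150119000000"):
        print(probe, check_window(sig, _ts(probe)))
```

A "not-yet-valid" result only describes this particular signature; it says nothing about whether an earlier signature over the same RRset was still being served or cached at that moment.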