On Mon, Jul 27, 2020, 5:32 PM Wietse Venema, <wie...@porcupine.org> wrote:

> Ian Evans:
> > I'm a reviewer and sent an email from my site responding to one of their
> > coverage requests.
> >
> > A few minutes later, my postmaster acct received this message:
> >
> > A message claiming to be from you has failed the published DMARC
> > policy for your domain.
> >
> >  Sender Domain: digitalhit.com
> >  Sender IP Address: 216.24.225.10
> >  Received Date: Mon, 27 Jul 2020 15:14:35 -0400
> >  SPF Alignment: no
> >  DKIM Alignment: no
> >  DMARC Results: Quarantine
> >
> > Followed by:
> > ------ This is a copy of the headers that were received before the error
> >        was detected.
> >
> > X-DKIM-Failure: bodyhash_mismatch
> > Received: from mail.cp20.com ([216.24.225.10])
> > by semfq01.mfg.siteprotect.com with esmtps
> > (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
>
> Other than the time, was any information in the header even remotely
> related to the message that you were sending?
>
> If it is not your email message, then the question is why cp20
> was sending email on behalf of your domain?
>
> It may be worthwhile to look up Postfix's logging for the outbound
> delivery of your message. The logging with "status=sent" contains
> the name and IP address of the server that Postfix gave the message
> to, plus some remote message identifier in the remote SMTP server's
> response.
>
>


Wietse,

The header in the DMARC email was truncated but I also was sure what
information should be obfuscated or the suggested way to obfuscate it.

The from in the report headers was my email address. The subject line was
my re: subject line.

The original email was a mass e-mail to reporters. The return path was not
the publicist's email but:

Return-Path: <bounce_idanfdl_o-[my email] =example....@cp20.com>

Looking at the Postfix logs it appears the email was sent to the same ip
address for cp20.com:

Jul 27 15:14:22 carson postfix/smtp[13747]: 9323F20309D: to=<[some coded letters that probably translate to the publicist email]@cp20.com>, relay=mail.cp20.com[216.24.225.10]:25, delay=0.3, delays=0.01/0.01/0.06/0.22, dsn=2.6.0, status=sent (250 2.6.0 message received)

I deal with a ton of PR companies that send emails via services like
MailChimp. This is my first time seeing this. I've been running DMARC since
about 2017.



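An added example, not part of either poster's message: a Python sketch of the log check suggested in the thread. It parses Postfix "status=sent" records and returns the deliveries whose relay IP equals the Sender IP named in a DMARC failure notice. The log lines are constructed from the one quoted above; the recipient address and the second delivery are placeholders.

```python
import re

# Postfix smtp(8) delivery record: queue ID, recipient, relay host[ip]:port,
# DSN code, status, and the remote SMTP server's reply in parentheses.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>, "
    r".*?relay=(?P<host>[^\[,]+)\[(?P<ip>[^\]]+)\](?::(?P<port>\d+))?, "
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reply>.*)\)\s*$"
)

# Constructed sample input (placeholder recipient; second delivery is invented).
SAMPLE_LOG = [
    "Jul 27 15:14:22 carson postfix/smtp[13747]: 9323F20309D: "
    "to=<coded-recipient@cp20.com>, relay=mail.cp20.com[216.24.225.10]:25, "
    "delay=0.3, delays=0.01/0.01/0.06/0.22, dsn=2.6.0, "
    "status=sent (250 2.6.0 message received)",
    "Jul 27 15:20:01 carson postfix/smtp[13801]: A1B2C3D4E5F: "
    "to=<user@example.net>, relay=mx.example.net[192.0.2.25]:25, "
    "delay=1.2, delays=0.02/0.01/0.5/0.67, dsn=2.0.0, "
    "status=sent (250 2.0.0 Ok: queued as 4F1A2B3C)",
    "Jul 27 15:20:02 carson postfix/qmgr[900]: A1B2C3D4E5F: removed",
]


def parse_deliveries(lines):
    """Yield one dict per smtp delivery record; other log lines are skipped."""
    for line in lines:
        match = DELIVERY.search(line)
        if match:
            yield match.groupdict()


def deliveries_to_reported_ip(lines, reported_ip):
    """Return sent deliveries handed to the IP named in the DMARC notice."""
    return [d for d in parse_deliveries(lines)
            if d["status"] == "sent" and d["ip"] == reported_ip]


if __name__ == "__main__":
    # "Sender IP Address" value taken from the DMARC notice quoted in the thread.
    for d in deliveries_to_reported_ip(SAMPLE_LOG, "216.24.225.10"):
        print(d["qid"], d["rcpt"], d["host"], d["ip"], d["dsn"], d["reply"])
```

A match means the host named in the failure notice is one this server delivered to at that time, which is the correlation described in the reply above.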