On Mon, 2022-05-09 at 14:35 -0400, Alex wrote:
> Hi,
> 
> I'm trying to understand why this email from a bank fails DMARC
> when mxlookup says the DMARC record is just fine.
> 
> https://pastebin.com/0T4Gjn3v
> 
>  *  1.8 DMARC_REJECT DMARC reject policy
>  *  6.0 KAM_DMARC_REJECT DKIM has Failed or SPF has failed on the
> message
>  *      and the domain has a DMARC reject policy
> 
> It also passes SPF and DKIM
> 
>  *  0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
>  * -0.0 SPF_PASS SPF: sender matches SPF record
>  * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
> author's
>  *       domain
>  * -0.1 DKIM_VALID Message has at least one valid DKIM or DK
> signature
>  *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not
> necessarily
>  *      valid
> 
> I'm using a local DNS resolver, not a public server.
> 

I'm pretty sure it can't pass SPF for the purposes of satisfying
DMARC with a null envelope sender.

Dunno why the DKIM didn't pass. Can you tell if the
d=ess.firstdata.com signature is valid or only the amazonses.com sig
(which wouldn't satisfy DMARC)?

Reply via email to