>From: David B Funk <dbf...@engineering.uiowa.edu> >On Fri, 19 May 2017, RW wrote:
>> On Fri, 19 May 2017 14:13:22 -0500 (CDT) >> David B Funk wrote: >> >> ne. >>> >>> My read on this is that "@ena.com" is living dangerously. They >>> publish SPF records and DMARC records (with p=reject) but do NOT DKIM >>> sign their mail. >> >> Most of them pass DKIM, a minority aren't signed. >Urgg, I see that now. I looked at a few of David Jones' posts to this list and >saw that they weren't DKIM signed, so I extrapolated that to a general >asumption. They are DKIM signed so something must be striping the headers. >I see that they're using Office-365. This is one of the issues I have with >0-365, it's a black box which is hard to second guess. >Sometimes they DKIM sign, some times they don't. >Sometimes they will score incoming messasge that are properly DKIM signed as >spam (for no reason other than the DKIM signature, as far as I can tell). >Bottom line; If you put yourself at the mercy of Office-365, using a DKIM >policy >of "reject" is risky. I don't. Our inbound to and outbound from Office 365 is handled by our own mail servers that are properly DKIM signing. I have been reviewing DMARC reports for years now to make sure we had good SPF, DKIM and DMARC before recently moving to p=reject. Dave
