Quote:
Originally Posted by n5bb
By default, forwarding a message (by any email service) breaks SPF. If SPF is broken, one of the two DMARC tests (SPF and DKIM) fails. If DKIM does not pass, then SPF failure will lead to DMARC failure.
So first look at messages sent by proper (not fake) senders at "originating.com" as received in your Fastmail account. Look at the full headers (More > Show Raw Messages) for the Authentication-Results header. If DKIM does not pass, then if SPF fails due to forwarding you should get a DMARC failure.Bill
|
Thanks Bill.
On your advice I had a closer look at the headers.
I had previously looked at the headers but the multiple DKIM reports had me confused.
In a recent test email there were two DKIM results shown: one said DKIM = invalid, and another said DKIM = passed.
On inspection of the DKIM = invalid, and a bit of googling, an issue with the public key was indicated by the search results.
I re-generated the public key & this seems to have solved the problem.
I will keep monitoring to see if the problem really is solved.
Thanks for directing me back to re-investigate the header data.
Thanks also for the info and link to SRS rewriting.
If the redirect results in further DMARC failures, I'll look to implementing this.
