(original domain replaced with example.com)
I do not understand much about SRS, but it seems to me sendgrid uses SRS here to rewrite the original sender's address (jdoe@example.com).
So my question is: Why opendmarc rejects this address?
Debian stable with opendmarc 1.3.2-2+deb9u1
Thank you,
Rainer
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Mar 20 04:15:09 mx2 postfix/cleanup[10493]: 2E5F7610B4: milter-reject: END-OF-MESSAGE from o1.f.az.sendgrid.net[208.117.55.132]: 5.7.1 rejected by DMARC policy for example.com; from=bounces+4491766-4033-jdoe=example.com@sendgrid.net to=jdoe@example.com proto=ESMTP helo=<o1.f.az.sendgrid.net></o1.f.az.sendgrid.net>
(original domain replaced with example.com)
I do not understand much about SRS, but it seems to me sendgrid uses SRS
here to rewrite the original sender's address (jdoe@example.com).
So my question is: Why opendmarc rejects this address?
Debian stable with opendmarc 1.3.2-2+deb9u1
The 'from=<..>' address in that log entry is the envelope sender not the
address that appears in the 'From' header. DMARC tests against the address
in the 'From' header. I admit the log entry could be clearer.
You haven't provided full details and have obfuscated, but it looks like
the problem is with the originator, so really you shouldn't do anything. Do
you even know that these are genuine emails? According to the originator's
DMARC rules, they are not. FYI, changing the envelope sender does not
break DKIM (and does not therefore necessarily cause DMARC failure). It
will however break SPF alignment, so that DMARC pass then depends on DKIM
pass (which is a good thing). Changing or reformatting the body of the
email, or modifying certain headers, will break DKIM.
If you are confident the emails are genuine you should contact the
originator and explain the problem to them. Most recipients of their emails
will have the same problem (because all the big email providers honour
DMARC on incoming mails).
Hi,
this log:
(original domain replaced with example.com)
I do not understand much about SRS, but it seems to me sendgrid uses SRS here to rewrite the original sender's address (jdoe@example.com).
So my question is: Why opendmarc rejects this address?
Debian stable with opendmarc 1.3.2-2+deb9u1
Thank you,
Rainer
On Thu, 21 Mar 2019 at 13:02, Rainer Sokoll rsokoll@users.sourceforge.net
wrote:
Are you sure that opendmarc tests NOT against the envelope-from?
Isn't SRS made exactly for rewriting the envelope-from and not the header-from?
And is there anything I can do here (operator of the rejecting mail server)?
On Thu, 21 Mar 2019 at 13:52, Rainer Sokoll rsokoll@users.sourceforge.net
wrote:
For an explanation about DMARC see, for example:
https://www.sparkpost.com/resources/email-explained/dmarc-explained/
You haven't provided full details and have obfuscated, but it looks like
the problem is with the originator, so really you shouldn't do anything. Do
you even know that these are genuine emails? According to the originator's
DMARC rules, they are not. FYI, changing the envelope sender does not
break DKIM (and does not therefore necessarily cause DMARC failure). It
will however break SPF alignment, so that DMARC pass then depends on DKIM
pass (which is a good thing). Changing or reformatting the body of the
email, or modifying certain headers, will break DKIM.
If you are confident the emails are genuine you should contact the
originator and explain the problem to them. Most recipients of their emails
will have the same problem (because all the big email providers honour
DMARC on incoming mails).