Solved Getting odd Gmail dkim reports

In terms of SPF it should be simple. The receiving server sees an email coming from [email protected]. So it asks the nameserver for a TXT/SPF record for the (sub)domain "server.serverdomain.nl". If that doesn't give a response or an invalid one, it will not pass the SPF check.

So indeed either make sure it sends from a different address, or you need to add a TXT/SPF record for server.serverdomain.nl.
 
ikkeben said:
And DA users are getting mails from the softaculous for some things as updates or so,
Click to expand...
That's correct, because php mail is used in Softaculous and not SMTP mail. You can configure SMTP mail though.

I just got another Dmarcian report of the past week and it found the message we're talking about. Have a look at these lines which were below the report.

⚠️ serverdomain.nl is authorized to send on behalf of mycompany.nl, however it looks like SPF and DKIM are still failing DMARC’s alignment test. DMARC looks at the Return-Path of a message to make sure the domain there matches the domain in your From address. If the Return-Path path doesn’t match your From address, those messages will fail DMARC’s SPF alignment test. Set up a DKIM record and check with this source about setting up custom Return-Path.
Click to expand...
I've read about this somewhere. That this system also has to create some record so I'm allowed to send through there.
However, this issue should be gone now I entered a [email protected] in Softaculous.
 
Arieh said:
The receiving server sees an email coming from [email protected].
Click to expand...
yes but as I explained that is not the issue when it would only be this fact. The issue is that it's seeing my email adres in the header. If it was only [email protected] there wouldn't be a issue as there is an SPF record for that. This was what confused me.
I didn't know my email address was seen in the header, which causes this spf issue.
 
Richard this is what Arieh and i are trying to say:

r you need to add a TXT/SPF record for server.serverdomain.nl.
Click to expand...

And check that with spf checkers to be sure while your writing is about checkin g SPF only for serverdomain.nl. without that server. subdomain dns spf record.

From my example above i had to ad spf record for vpshost.serverdomain.tld> But ok is my example header don't know yours, still gmail it is or forward / copy 2e mail or send to gmailadress otherwise google is not sending a dmarc.. ( and with copy or forward it is hard to comply)
 
Last edited:
ikkeben said:
Richard this is what Arieh and i are trying to say:
Click to expand...
I know that he's trying to say that. I'm trying to explain that this is only needed becaue [email protected] is found in the headers of the mail. Without that I wouldn't even get a report. And that other mails send from [email protected] (like from CSF) do not have this isssue because this has it's own SPF record and not a from @mycompany.nl in the header.

Even in het NL. Als het alleen om die hostnaam ging zou ik geen rapporten moeten krijgen. Ik probeerde dus een oorzaak te zoeken waarom ik wel rapporten kreeg en waarom ik dat niet terug vond in de Exim log.
Reden daarvoor is dus niet omdat server.serverdomain.nl geen spf record heeft want dat heeft ie wel, op zijn eigen server.
Reden was omdat mijn bedrijfs email in de header van die mail stond, daarom kreeg ik dat rapport.
En omdat mijn email in de header stond, kon ik die dus ook niet terug vinden in de Exim log.

Zoals je kunt zien uit het dmarcian rapport mag serverdomein.nl dus ook sturen vanuit mijn naam. Echter zal dan wat ArieH zegt nodig zijn omdat het niet via SMTP gaat maar via php mail dat die hostnaam ook opgenomen dient te worden.
Het enige wat mij verbaast is dat de SPF check het (sub)domein c.q. hostnaam niet resolved want dan zou het geauthoriseerde ip tevoorschijn komen.
Maar schijnbaar is dat hoe die combinatie werkt.
 
I think I understand. For DMARC specifically (not a general SPF check by itself), it matters which e-mail address is in the return path. So in this case, it would probably needs include:server.serverdomain.nl in the SPF record of mycompany.nl ?
 
Yep, that is like I see it too. Either it needs the include:server.serverdomain.com in SPF of the sender address in the header or in the script (in this case Softaculous) it needs the return-path email address present.
If I'm not mistaken this issue will not happen when using SMTP for sending mail, only when using the php mail and if a non-local email address is used.
 
You must log in or register to reply here.
Back
Top