Hello crew,
I have a simple 1 domain email server hosted on NS 7.9 using SOGo as a front end. Recently, I’ve added an externally hosted website that has forms being sent out via email. Before I tested the final settings I wanted to confirm that my end server (the one hosting example.com) was honoring my current DMARC policy of:
v=DMARC1; p=reject; sp=reject; rua=mailto:aggrep@example.com; aspf=s; adkim=s; pct=100
The website is sending through wpengine.com & I have not added them to my SPF/DKIM records. With the strict enforcement of aspf=s & adkim=s my NS server is accepting inbound email from noreply@example.com to contact@example.com even though it is failing the DMARC policy.
I expected for the NS server to reject the incoming email because it came from an unauthorized source. Instead the email is passed along without any issue right into the inbox.
Sort by:
MagnitudeValueName DMARC_POLICY_REJECT
DMARC reject policy
(2) [example.com : SPF not aligned (strict), DKIM not aligned (strict),reject]
MX_INVALID (0.5)
FORGED_SENDER (0.3) [noreply@example.com,noreply=example.com@mail1.wpengine.com]
R_SPF_ALLOW (-0.2) [+ip4:23.83.208.0/20]
MIME_HTML_ONLY (0.2)
R_DKIM_ALLOW (-0.2) [mail1.wpengine.com:s=mx]
RCVD_COUNT_FIVE (0) [6]
HAS_PHPMAILER_SIG (0)
RCVD_VIA_SMTP_AUTH (0)
RCVD_IN_DNSWL_NONE (0) [23.83.214.98:from]
RCPT_COUNT_THREE (0) [3]
MIME_TRACE (0) [0:~]
FREEMAIL_TO (0) [gmail.com,live.com,example.com]
RCVD_TLS_LAST (0)
TO_MATCH_ENVRCPT_SOME (0)
FROM_NEQ_ENVFROM (0) [noreply@example.com,noreply=example.com@mail1.wpengine.com]
DKIM_TRACE (0) [mail1.wpengine.com:+]
FROM_HAS_DN (0)
TO_DN_NONE (0)
MID_RHS_MATCH_FROM (0)
HAS_X_POS (0)
ASN (0) [asn:36483, ipnet:23.83.208.0/21, country:CA]
