AGWA wrote:
Your settings look reasonable, but be careful with setting p=reject since it, in effect, prevents users of your domain from sending mail to mailing lists. Mailing lists make modifications that break DKIM signatures (like rewriting the Subject: or appending a "unsubscribe" footer to the body) yet preserve the From: header. These messages will get rejected by DMARC-supporting sites if you turn on p=reject. I get a ton of DMARC failure reports every time I post to a mailing list or even create a bug report in the Debian Bug Tracker.
Unfortunately, p=reject seems useful only for domains that send exclusively transactional mail destined for individuals (think PayPal, bank emails, etc.).
Thanks for the reply.
OK. I've just received my first DMARC report for the domain and all seems well except for one thing. I use Google Apps for Business on this domain and make use of the collaborative inbox provided by Google Groups for Business. Essentially I have a Support group so that users can email
support@domain.com and the email will arrive in a nice forum view that staff members can then reply to. Google Groups for business provides a nice GUI allowing you to mark each thread as complete or in progress etc.
Since I disallow public access to the group (for obvious reasons) the only way to allow people to see the responses that staff members post to their support requests is to CC them into the response. This means that it is Google Groups sending the CCed message to the client and therefore SPF checks fail. Does anyone know if there is a way to include a set of email servers in an SPF record if you don't know what all the mail servers for that domains IP address are? Normally Google tell you to include _spf.google.com in your SPF records but this doesn't include Google Groups unfortunately.
FAQ
Search
Members
Register
Login [ Anonymous ]
