I’ve read sean’s response to the post “Unknown Sources but DKIM and SPF Pass. Why?” but I still don’t understand. Plus, my sources are neither unknown nor are they exotic: one is Google (googlegroups dot com) and the other is the “lists” subdomain of a well known university we are close to.
What should my next steps be?
I wrote to the university and received a response from their tech department. It seems they have “implemented DMARC with a reject policy” on their servers, so I guess that means I shouldn’t worry about a reject policy on mine, right?
Hi BSC Webmaster
I can’t make any definitive assertions without analyzing your data firsthand. However, it seems you’re encountering phenomena typical of DMARC data for emails that have been forwarded by the recipients of your messages. Essentially, what you’re observing may not be a source within your direct control.
For example, list servers frequently appear in DMARC reports. A list server’s function is to facilitate discussion groups and distribute emails to group members, irrespective of the members’ email domain affiliations. Consider a university with the domain example.com and a list server at list.example.com. If an email is dispatched from dmarcian.com to a group hosted on list.example.com, the list server will forward a copy of that email to each group member. In doing so, it alters the MAIL FROM address to use @list.example.com, while preserving the original From address (@dmarcian.com).
Such activities would manifest in your DMARC dashboard as data under ‘Forwarders’ or ‘Unknown Sources’, represented by my domain, sent from an IP address I do not own, with the MAIL FROM attributed to the forwarder. No intervention is required in this scenario since the list server is beyond your management purview. Although these actions might not strictly comply with DMARC policies, they generally do not pose a concern. Most list servers will cease to spoof a domain they forward for if that domain enforces DMARC policies (quarantine or reject).
I hope this clarifies the situation. If there’s a misunderstanding on my part, I recommend contacting your DMARC report processing support for more tailored assistance in interpreting your data.
I hope this helps!
Thanks Asher, very helpful! This seems to describe my situation exactly.
Cheers!
