IP source from private ip address

OtsukaCG · December 11, 2022, 11:37pm

Hi, I’ve been analyzing my DMARC failures by looking at CSV file downloaded from detail viewer.
I noticed there are 11 NXDOMAIN in source host, and some of those IP address are private address.
How can this happen? Can this be spoofed?

I would like to know where DMARC report gets it’s ip_source from. Is it domain part of “mail from” e-mail address? Or is it from smtp connections? I suppose it’s from “mail from”, then it can be easily spoofed. But I can’t be sure. Someone please comment on this. Thank you!

Asher · January 17, 2023, 3:42pm

The IP shown here is based on the IP contained in the report sent in by the reporters. Typically, this mean the reports contain bad information and are badly constructed by the receiver due to a incorrect DMARC verification implementation.

Topic		Replies	Views
DKIM passes, SPF passes, DMARC fails... how to fix? Technical Help	3	278	March 11, 2024
Question about SPF failure in DMARC report Technical Help	2	1020	November 6, 2021
Need help understand what's happening	1	405	July 21, 2023
What is “External Destination Verification”? Technical Help	0	1208	May 30, 2019
Reputation look up for DMARC failed hosts Technical Help	6	639	June 23, 2022

IP source from private ip address

Related Topics