Posted to users@spamassassin.apache.org by Alex Regan <my...@gmail.com> on 2015/05/22 22:45:25 UTC

DMARC validation failed

Hi,

Can someone help me understand the DMARC_FAIL_REJECT rule? I have an 
email from aol.com that was quarantined as a result of this rule.

May 22 16:21:32.695 [23166] dbg: async: calling callback on key 
askdns:TXT:_dmarc.aol.com
May 22 16:21:32.695 [23166] dbg: askdns: answer received, rcode NOERROR, 
query IN/TXT/_dmarc.aol.com, answer has 1 records
May 22 16:21:32.695 [23166] dbg: askdns: domain "_dmarc.aol.com" listed 
(__DMARC_POLICY_REJECT): v=DMARC1; p=reject; pct=100;
  rua=mailto:d@rua.agari.com; ruf=mailto:d@ruf.agari.com;
May 22 16:21:32.696 [23166] dbg: dns: __DMARC_POLICY_REJECT lookup finished

I've put a copy of the headers here:

http://pastebin.com/HcbD2FJj

This is from rules posted to the list in Feb by Christian Laußat:

http://spamassassin.1065346.n5.nabble.com/Amazon-phishing-spam-td114429.html

It seems there are quite a few in the quarantine from this rule, so it's 
worth re-evaluating.

Thanks,
Alex

Re: DMARC validation failed

Posted by Tom Hendrikx <to...@whyscream.net>.

On 22-05-15 22:45, Alex Regan wrote:
> Hi,
> 
> Can someone help me understand the DMARC_FAIL_REJECT rule? I have
> an email from aol.com that was quarantined as a result of this
> rule.
> 
> May 22 16:21:32.695 [23166] dbg: async: calling callback on key
> askdns:TXT:_dmarc.aol.com
> May 22 16:21:32.695 [23166] dbg: askdns: answer received, rcode NOERROR,
> query IN/TXT/_dmarc.aol.com, answer has 1 records
> May 22 16:21:32.695 [23166] dbg: askdns: domain "_dmarc.aol.com" listed
> (__DMARC_POLICY_REJECT): v=DMARC1; p=reject; pct=100;
>   rua=mailto:d@rua.agari.com; ruf=mailto:d@ruf.agari.com;
> May 22 16:21:32.696 [23166] dbg: dns: __DMARC_POLICY_REJECT lookup finished
> 
> I've put a copy of the headers here:
> 
> http://pastebin.com/HcbD2FJj
> 
> This is from rules posted to the list in Feb by Christian Laußat:
> 
> http://spamassassin.1065346.n5.nabble.com/Amazon-phishing-spam-td114429.html
>
> 
> 
> It seems there are quite a few in the quarantine from this rule, so
> it's worth re-evaluating.
> 
> Thanks, Alex


I assume that "T_SPF_TEMPERROR SPF: test of record failed (temperror)"
says enough. The rules in the archive post you provided only check
for valid results, and have no safety net for temporary errors...

Tom
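
The safety net described in the reply above, sketched as an added example (not code from this thread or from the rule set it links to): a DMARC decision that returns a temporary-failure verdict instead of applying p=reject when an aligned SPF or DKIM check ended in temperror. The function names, the result vocabulary and the DKIM result used in the sample are assumptions; the TXT record is the one shown in the debug log.

```python
# Added example: DMARC verdict with a safety net for temporary errors.
# parse_dmarc() and dmarc_verdict() are hypothetical helper names.

# TXT record for _dmarc.aol.com as printed in the debug log above.
AOL_RECORD = ("v=DMARC1; p=reject; pct=100; "
              "rua=mailto:d@rua.agari.com; ruf=mailto:d@ruf.agari.com;")


def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dict; None if it is not DMARC1."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)  # values may contain ':' or '@'
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None


def dmarc_verdict(record, spf, dkim, spf_aligned, dkim_aligned):
    """Return 'pass', 'tempfail', 'none' or the published policy.

    spf / dkim are result strings such as 'pass', 'fail', 'none',
    'temperror'. The *_aligned flags say whether the identifier checked
    by that mechanism aligns with the From: domain. pct is ignored here.
    """
    policy = parse_dmarc(record) if record else None
    if policy is None:
        return "none"  # no usable DMARC record published
    if (spf == "pass" and spf_aligned) or (dkim == "pass" and dkim_aligned):
        return "pass"
    # Safety net: an aligned mechanism that hit a temporary error might have
    # passed on retry, so the result is undetermined rather than a failure.
    if (spf == "temperror" and spf_aligned) or \
       (dkim == "temperror" and dkim_aligned):
        return "tempfail"
    return policy.get("p", "none").lower()


if __name__ == "__main__":
    # Constructed inputs: SPF temperror as in the reply, DKIM result assumed.
    print(dmarc_verdict(AOL_RECORD, "temperror", "none", True, False))
    print(dmarc_verdict(AOL_RECORD, "fail", "none", True, False))
```

A filter built on this would score or quarantine only on the `reject`/`quarantine` verdicts and defer or skip the DMARC penalty on `tempfail`.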