Re: [exim] DMARC incorrect for PayPal ?

Top Page
Delete this message
Reply to this message
Author: Todd Lyons
Date:  
To: Darren Ilston
CC: exim-users
Subject: Re: [exim] DMARC incorrect for PayPal ?
On Sat, Mar 1, 2014 at 2:56 AM, Darren Ilston <darren.ilston@???> wrote:
> Seeing this in the logs for PayPal:
>
> 2014-02-28 18:21:57 1WJS4L-000Gsx-8G DKIM: d=paypal.co.uk s=pp-dkim1
> c=relaxed/relaxed a=rsa-sha256 i=@paypal.co.uk t=1393611715 [verification
> succeeded]
> 2014-02-28 18:21:57 1WJS4L-000Gsx-8G DMARC results:
> spf_domain=paypal.co.ukdmarc_domain=
> paypal.co.uk spf_align=no dkim_align=no enforcement='Reject'
> 2014-02-28 18:21:57 1WJS4L-000Gsx-8G H=mx0.slc.paypal.com (
> mx2.slc.paypal.com) [173.0.84.225] Warning: Message from
> paypal.co.ukfailed sender's DMARC policy, should reject.
> 2014-02-28 18:21:57 1WJS4L-000Gsx-8G <= service@??? H=
> mx0.slc.paypal.com (mx2.slc.paypal.com) [173.0.84.225] P=esmtp S=9557
> id=1393611715.15610@???
>
> PayPal's DMARC checks out.
> Any ideas ?


That's definitely a bug of some kind. I see the same thing in my
logs: paypal.com passes DMARC, but paypal.co.uk fails DMARC. I can
verify that individually, both SPF and DKIM pass for paypal.co.uk, but
when the DMARC library is processing the result, it comes up with a
fail for both, so DMARC fails.

Let's debug a little bit. Looking in the file I/we use for
"dmarc_tld_file", it contains this for .uk:

// uk : http://en.wikipedia.org/wiki/.uk
*.uk
*.sch.uk
!bl.uk
!british-library.uk
!icnet.uk
!jet.uk
!mod.uk
!nel.uk
!nhs.uk
!nic.uk
!nls.uk
!national-library-scotland.uk
!parliament.uk
!police.uk

I have a hunch that *.uk isn't matching in the library. Try adding a
single line:
co.uk

I have added it to mine too. We will see if that changes the
behavior. If it does, then I will work with the opendmarc developer
to figure out either if it's a bug or if it's something wrong
procedurally with using the opendmarc library.

...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine