Re: [GIT PULL] spi updates for v5.2

From: Mark Brown
Date: Mon May 06 2019 - 23:03:43 EST

On Tue, May 07, 2019 at 11:18:53AM +0900, Mark Brown wrote:

> Possibly it's not actually anything to do with the DKIM and it's just
> upset that I'm travelling and so the mail was injected from a mobile
> broadband IP in Japan which doesn't match up with the .uk domain.

I've tried sending equivalent mail to one of my own Google accounts and
it gets delivered, though I do see the dmarc=fail bit in the headers.
The full header there is for a newer spec called ARC that builds even
more stuff on top of DKIM and SPF.

ARC-Authentication-Results: i=1;;
dkim=pass header.i=@xxxxxxxxxxxxx header.s=20170815-heliosphere header.b=gYHUGKmm;
spf=pass ( best guess record for domain of broonie@xxxxxxxxxxxxx designates 2a01:7e01::f03c:91ff:fed4:a3b6 as permitted sender) smtp.mailfrom=broonie@xxxxxxxxxxxxx;
dmarc=fail (p=NONE sp=NONE dis=NONE)

which suggests it's adding some guesswork in there on top of what's
explicitly in there for SPF (though that's not causing trouble as it
worked out that the mail is OK). The fact that this got through OK and
all the NONEs there suggest that they are to at least some extent doing
the right thing with the lack of any advertised policies for,
either something else about the message or your incoming mail is causing
the spam filtering.

Unfortunately I can't immediately see any exim stuff for ARC (and I
don't know that there's anything there that could really help) and I
can't do DKIM for (for good reasons), the only thing I can
think of is to disable signing of the From: and hope Google just stop
trying to validate it but that doesn't seem ideal. Everything I'm
seeing is saying that Google just isn't enthusiastic about domains like which is going an issue.

Not really sure what I can do here...

Attachment: signature.asc
Description: PGP signature