I rarely get false positives on spam in Thunderbird, so I’m trying to understand why this email was sent by Thunderbird into my spam folder:
Return-Path: <support@mail.sendersubdomain.ladesk.com>
Delivered-To: username@example.com
Received: from mail.example.net ([127.0.0.1])
by mail.example.net with LMTP id cO8zMBX9Ul65aAAANQEJQQ
for <username@example.com>; Sun, 23 Feb 2020 14:30:45 -0800
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
mail.example.net
X-Spam-Level:
X-Spam-Status: No, score=0.3 required=5.0 tests=RCVD_IN_DNSWL_NONE,URI_TRY_3LD
autolearn=no autolearn_force=no version=3.4.2
X-Spam-Report:
* 0.3 URI_TRY_3LD URI: "Try it" URI, suspicious hostname
* -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
* https://www.dnswl.org/, no trust
* [72.14.191.60 listed in list.dnswl.org]
X-Spam-Score: 0.3
Received: from 1.app-q.la.linode-us-tx.qualityunit.com (1.app-q.la.linode-us-tx.qualityunit.com [72.14.191.60])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mail.example.net (Postfix) with ESMTPS id 9917B5DCB9
for <username@example.com>; Sun, 23 Feb 2020 14:30:45 -0800 (PST)
Authentication-Results: mail.example.net; dmarc=none (p=none dis=none) header.from=mail.sendersubdomain.ladesk.com
Received: by 1.app-q.la.linode-us-tx.qualityunit.com (Postfix, from userid 0)
id 35A0CE8AE; Sun, 23 Feb 2020 22:30:43 +0000 (UTC)
To: "User Name" <username@example.com>
Subject: This is the subject text
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="=_dc861e97c410ea1b77b3e5b0cc7b6855"
From: "OtherUser" <support@mail.sendersubdomain.ladesk.com>
Date: 23 Feb 2020 22:30:43 +0000
Reply-To: "Zach" <support@mail.sendersubdomain.ladesk.com>
User-Agent: Quality Unit Mail Services
X-Mailer: LiveAgent
Thread-Index: Y0D3hMg3sg32y2sB
Message-ID: <ol0vq5sq_353586@support.sendersubdomain.com>
References:
I can see in the header checks it passes FCrDNS.
Received: from 1.app-q.la.linode-us-tx.qualityunit.com (1.app-q.la.linode-us-tx.qualityunit.com [72.14.191.60])
It seems to pass SPF:
$ dig txt mail.sendersubdomain.ladesk.com +short
"v=spf1 redirect=spf_na.ladesk.com"
$ dig txt spf_na.ladesk.com +short
"v=spf1 ip4:45.56.74.167 ip4:45.33.6.238 ip4:45.33.116.34 ip4:72.14.191.60 ip4:69.164.207.201 ip4:45.79.0.124 ip4:45.79.4.125 ip4:104.200.19.238 ip4:173.255.194.117 ip4:45.56.69.209 -all"
Next I notice:
Authentication-Results: mail.example.net; dmarc=none (p=none dis=none) header.from=mail.sendersubdomain.ladesk.com
I’m assuming the dmarc=none
is the result of the sending domain mail.senderdomain.ladesk.com
.
$ dig txt _dmarc.ladesk.com +short
"v=DMARC1; p=reject; sp=none; aspf=s; rua=mailto:mail_reports@qualityunit.com; rf=afrf; pct=100; ri=86400"
$ dig txt _dmarc.mail.sendersubdomain.ladesk.com +short
$ dig _dmarc.qualityunit.com +short
$ dig txt mail.sendersubdomain.ladesk.com +short
$ dig ladesk.com._report._dmarc.qualityunit.com +short
"v=DMARC1"
From here I can see the DMARC record seems like it has only one problem:
1) The DMARC record for ladesk.com has sp=none
and p=reject
Does MiaB report dmarc=none
because the sender is a subdomain and sp=none
?