Why does MiaB report dmarc=none?

1

I rarely get false positives on spam in Thunderbird, so I’m trying to understand why this email was sent by Thunderbird into my spam folder:

Return-Path: <support@mail.sendersubdomain.ladesk.com>
Delivered-To: username@example.com
Received: from mail.example.net ([127.0.0.1])
	by mail.example.net with LMTP id cO8zMBX9Ul65aAAANQEJQQ
	for <username@example.com>; Sun, 23 Feb 2020 14:30:45 -0800
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
	mail.example.net
X-Spam-Level: 
X-Spam-Status: No, score=0.3 required=5.0 tests=RCVD_IN_DNSWL_NONE,URI_TRY_3LD
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-Report: 
	*  0.3 URI_TRY_3LD URI: "Try it" URI, suspicious hostname
	* -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
	*      https://www.dnswl.org/, no trust
	*      [72.14.191.60 listed in list.dnswl.org]
X-Spam-Score: 0.3
Received: from 1.app-q.la.linode-us-tx.qualityunit.com (1.app-q.la.linode-us-tx.qualityunit.com [72.14.191.60])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.example.net (Postfix) with ESMTPS id 9917B5DCB9
	for <username@example.com>; Sun, 23 Feb 2020 14:30:45 -0800 (PST)
Authentication-Results: mail.example.net; dmarc=none (p=none dis=none) header.from=mail.sendersubdomain.ladesk.com
Received: by 1.app-q.la.linode-us-tx.qualityunit.com (Postfix, from userid 0)
	id 35A0CE8AE; Sun, 23 Feb 2020 22:30:43 +0000 (UTC)
To: "User Name" <username@example.com>
Subject: This is the subject text
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="=_dc861e97c410ea1b77b3e5b0cc7b6855"
From: "OtherUser" <support@mail.sendersubdomain.ladesk.com>
Date: 23 Feb 2020 22:30:43 +0000
Reply-To: "Zach" <support@mail.sendersubdomain.ladesk.com>
User-Agent: Quality Unit Mail Services
X-Mailer: LiveAgent
Thread-Index: Y0D3hMg3sg32y2sB
Message-ID: <ol0vq5sq_353586@support.sendersubdomain.com>
References:

I can see in the header checks it passes FCrDNS.

Received: from 1.app-q.la.linode-us-tx.qualityunit.com (1.app-q.la.linode-us-tx.qualityunit.com [72.14.191.60])

It seems to pass SPF:

$ dig txt mail.sendersubdomain.ladesk.com +short
"v=spf1 redirect=spf_na.ladesk.com"
$ dig txt spf_na.ladesk.com +short
"v=spf1 ip4:45.56.74.167 ip4:45.33.6.238 ip4:45.33.116.34 ip4:72.14.191.60 ip4:69.164.207.201 ip4:45.79.0.124 ip4:45.79.4.125 ip4:104.200.19.238 ip4:173.255.194.117 ip4:45.56.69.209 -all"

Next I notice:

Authentication-Results: mail.example.net; dmarc=none (p=none dis=none) header.from=mail.sendersubdomain.ladesk.com

I’m assuming the dmarc=none is the result of the sending domain mail.senderdomain.ladesk.com.

$ dig txt _dmarc.ladesk.com +short
"v=DMARC1; p=reject; sp=none; aspf=s; rua=mailto:mail_reports@qualityunit.com; rf=afrf; pct=100; ri=86400"
$ dig txt _dmarc.mail.sendersubdomain.ladesk.com +short
$ dig _dmarc.qualityunit.com +short
$ dig txt mail.sendersubdomain.ladesk.com +short
$ dig ladesk.com._report._dmarc.qualityunit.com +short
"v=DMARC1"

From here I can see the DMARC record seems like it has only one problem:
1) The DMARC record for ladesk.com has sp=none and p=reject

Does MiaB report dmarc=none because the sender is a subdomain and sp=none?

2

Hi @openletter

PM me a copy of the unsanitized headers and I will take a look. Trying to decipher sanitized headers is simply too difficult early on a Monday morning. :stuck_out_tongue:

3

There is almost nothing changed except three things: the domain of the MiaB server, the receiving email address, and the domain of the LiveAgent customer. Otherwise, it’s raw.

4

Still, I can’t look it up if I don’t know what it is …

Most likely. But from the information provided, the DMARC record is working as written.

So to answer the question in the title, dmarc=none because the dmarc record says to ignore subdomains - as in no policy.

And to answer the question that you asked in the body … I suspect it may be because of the listing in dnswl.org … but I am only guessing.