moderated DKIM signature in use in Moldava? #bug

Mark Berry

I posted this in the Group Managers forum and a members suggested I post it here.

I'm working on setting up DMARC on my domain, obfuscated here as

For a few days after I started posting in the Group Managers forum, I was getting reports of thousands of would-be failures for email sent from Moldava. I found a raw report with the Moldavan IP address. I don't quite understand the <auth_results> section:  it looks like DKIM is passing using the signature, but the foreign IP (bleza(dot)skilldivinet(dot)net) is passing on SPF. Are they somehow spoofing the DKIM signature? Here is the report, with the questionable section in bold:

<?xml version="1.0"?>    
    <org_name>Yahoo! Inc.</org_name>    
The only DKIM TXT record I know of is If that is a date stamp, perhaps it's time to rotate the key?


Mark Berry

Jim Wilson

@Mark Berry, it just occurred to me that perhaps the "pass" result in the "auth_results, dkim" section is simply confirming that a valid DKIM record was found for the "" domain.

Sorry, I only thought of this after I realized the "policy evaluated" section shows "fail" in the "dkim" section and appears to be (rightly) determining that the DKIM is invalid. I'm trying to find the relevant docs that may explain this.

What I don't understand is why the "source ip" does not show up on any block list yet. :(

Mark Berry

I believe the failures in the "policy evaluated" section are what MxToolbox calls alignment failures. Which kinda makes sense, if a third party is signing email with a spoofed certificate but not actually sending from that certificate's domain. (If that's what misalignment means.) Here is their report on that XML: