Best Of CCP - 221: DMARC, Eero's & Toupee's
/Joe discusses the problem with automatically forwarding mail in the era of DMARC and walks through an explanation from Kerio:
- You have a hosted Kerio email account, with a domain of clientname.com
- You have a forwarding rule configured to forward all email addressed to name@clientname.com to clientaddress@gmail.com
- Gmail enforces a DMARC policy
- Gmail sees the forwarded email as if they were coming from the original sender, e.g.: Facebook, PayPal, etc. etc.
- But the emails are NOT coming from the mailservers of those senders (e.g. mail.facebook.com, mail.paypal.com – fake examples), they are actually coming from the Kerio mail server (mail.itekmail.com)
- This triggers a failure of compliance with DMARC, since the sending mail server doesn't match the sending address.
- Unfortunately there isn't much we can do about this, other than use the main account (name@clientname.com), setting it up on a mail client of your choice, to avoid this problem.
- Joe and Jerry discuss Eero, and Joe explains the challenge of configuring an alternate subnet:
- Eero ad automatically assigned 192.168.7.1 subnet
- AV guy had static IPs manually assigned to two IR controllers
- had to use Advanced settings to hangs subnet to 10.0.0.0 (10.0.1.0 not an option; annoying because that's a common Apple one so this must be a common issue)
- tried to adjust starting IP to 10.0.0.1, subnet to 255.255.0.0, and ending IP to 10.0.1.254; didn't work
- after updating, allowed me to select 10.0.0.0 range and change it to 10.0.1.0 range, which worked