DMARC fails in bounce emails from bounce@atlassian.net

XMLWordPrintable

    • 9
    • Severity 3 - Minor

      Issue Summary

      When we have to bounce a customer’s incoming email, we send them a notification letting them know the reason for the bounce. Currently these bounce emails from bounce@atlassian.net are failing DMARC, therefore customers are unable to receive them or treat them as a trusted email.

      Steps to Reproduce

      1. Send any email to "jira@thistenantdoesnotexistinatlasisan.atlassian.net" You should receive a bounce email indicating that the mailbox doesn’t exist.
      2. The bounce email will have from address "bounce@atlassian.net". This is a verified domain (with DKIM) in the region’s we support inbound.
      3. You may have to check your spam folder because the DMARC policy for atlassian.net is set to quarantine.
      4. Inspect the headers of the bounce email.
      5. Notice that there’s no DKIM signing, and we can’t get an aligned SPF result. As a result, DMARC fails.

      Expected Results

      The bounce emails shouldn't fail DMARC.

      Actual Results

      DMARC is failing with the following details:

      dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=atlassian.net (policy=quarantine); spf=pass

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

            Assignee:
            Unassigned
            Reporter:
            Matheus
            Votes:
            4 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated:
              Resolved: