==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Deployed with iRedMail Easy or the downloadable installer?
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi,

I set up SPF, DMARC and DKIM some time ago and all online tests and reports from google etc come back pass pass pass. Today I received one from amazon with a fail but not from my IP or any I recognise.

Is this good? Did someone try to spoof and get caught? It's great when all tests come back as pass but even better to see security in action, working?

<policy_published>
        <domain>MyDomain</domain>
        <adkim>s</adkim>
        <aspf>s</aspf>
        <p>quarantine</p>
        <sp>none</sp>
        <pct>100</pct>
        <fo>0</fo>
    </policy_published>
    <record>
        <row>
            <source_ip>104.47.17.104</source_ip> ***Not my IP
            <count>1</count>
            <policy_evaluated>
                <disposition>quarantine</disposition>
                <dkim>fail</dkim>
                <spf>fail</spf>
            </policy_evaluated>
        </row>
        <identifiers>
            <envelope_from>MyDomain</envelope_from>
            <header_from>MyDomain</header_from>
        </identifiers>
        <auth_results>
            <spf>
                <domain>MyDomain</domain>
                <result>fail</result>
            </spf>
        </auth_results>
    </record>
</feedback>