Weekly shows every Tuesday – since 2013!

Your Apple consultancy can sponsor the show!

221: DMARC, Eero's & Toupee's


- Joe discusses the problem with automatically forwarding mail in the era of DMARC and walks through an explanation from Kerio:

- You have a hosted Kerio email account, with a domain of clientname.com

- You have a forwarding rule configured to forward all email addressed to name@clientname.com to clientaddress@gmail.com

- Gmail enforces a DMARC policy

- Gmail sees the forwarded email as if they were coming from the original sender, e.g.: Facebook, PayPal, etc. etc.

- But the emails are NOT coming from the mailservers of those senders (e.g. mail.facebook.com, mail.paypal.com – fake examples), they are actually coming from the Kerio mail server (mail.itekmail.com)

- This triggers a failure of compliance with DMARC, since the sending mail server doesn't match the sending address.

- Unfortunately there isn't much we can do about this, other than use the main account (name@clientname.com), setting it up on a mail client of your choice, to avoid this problem.

- Joe and Jerry discuss Eero, and Joe explains the challenge of configuring an alternate subnet:

- Eero ad automatically assigned subnet

- AV guy had static IPs manually assigned to two IR controllers

- had to use Advanced settings to hangs subnet to ( not an option; annoying because that's a common Apple one so this must be a common issue)

- tried to adjust starting IP to, subnet to, and ending IP to; didn't work

- after updating, allowed me to select range and change it to range, which worked