Hey, I'll answer the best I know.
The bypass i meant would be only for 1-2 Formulars which are hosted on another company server but in our name. So perhaps its a bit tricky to get one who can handle a dkim entry. SPF is set for the server in our DNS Entry.
So, what we do at our business is we do subdomains for any 3rd party emailing as us. This allows for separate SPF and DKIM/DMARC
- Is it possible to pass the mail if spf is correct or DKIM ? Only Quarantine if both fails?
Not really, if SPF fails and they have a -all, it's an auto reject. It'll only pass if their record ends with ~all. But, I'm not sure with where the reject/bounce happens since you can do SPF/DKIM content filters, so may need to test. I'm not sure if it works, or need to disable checking in the mail flow policy.
- i found a document with spf / dkim fails monitoring on content filter. Means that that i can configure that , the mails are running through i.e. but i see that in this monitoring what was the issue?
If you are talking logs, it'll just say SPF or DKIM fail, or softfail. You will not get more than that and have to do some legwork.
- understood i right that if someone sends via webgui from a different server (SPF is entry) i can make a bypass for dkim for this domain / MTA ?
So, it is not recommended to whitelist a sending domain, but the actual email servers they are using. Otherwise a spoof message could be allowed.
- Do you know a free tool (for the start which can handle the lots of xml/gzip information sent to us) ? We use Valimail, I believe they have a free option.
