Aug 22 2020 09:08 AM - edited Aug 22 2020 09:13 AM
Hey Community!
Today I have sent myself two mail messages with the same content from my personal mail account (ProtonMail with a custom domain and activated functions SPF, DKIM & DMARC) to my @outlook.de address. The configuration of SPF & DMARC looks like this:
SPF:
v=spf1 include:_spf.protonmail.ch mx ~all
DMARC:
v=DMARC1; p=quarantine; rua=mailto:xxx@xxx.xxx; pct=100; aspf=s; adkim=s
The first one landed in the junk folder. The second (around 4 minutes later) in the inbox. I'm now trying to find out why this is so but have some difficulty in correctly interpreting some of the header data when investigating it. At least I have noticed some things that are likely to be relevant informations. I used the comparison feature of Notepad++ for this:
Left: Header data of the non-filtered mail / Right: Header data of the mail classified as junk
1.
2.
3.
4.
My first impression: Especially the first two points looking suspicious. Why were the entries "X-MS-Exchange-ATPSafeLinks-Stat" and "X-MS-Exchange-ATPSafeLinks-BitVector" deleted or not transferred?
I am thankful for every feedback.
Greetings from germany,
fommio