Rewrite 'from' header to enable forwarding to overcome dmarc restrictions?
Mark Sapiro
mark at msapiro.net
Wed May 7 04:35:21 IST 2014
On 05/06/2014 08:03 PM, Furnish, Trever G wrote:
> Hi, Mark. It's not breaking dkim, it's violating the receiver's implementation of SPF, which appears to be looking not just at the envelope header, but also at message headers -- I wonder whether this means they have actually implemented SenderID rather than SPF.
If the message is DKIM signed by the domain of the address in From:, it
should pass DMARC as long as the signature is valid.
The tests are:
Is there a valid DKIM signature with a d= domain that "aligns" (a DMARC
technical term) with the domain of the From: address
or
Does the server pass SPF and does the domain of the envelope sender (the
SPF domain) "align" with that of the From: header.
Forwarding will break SPF alignment, but if there is an original DKIM
sig and it is valid, the message should still pass DMARC.
See the spec at
<https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/> and lots
of descriptive info at <http://www.dmarc.org/>
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list