MailScanner and Zimbra

Mark Sapiro mark at
Mon Nov 4 01:50:45 UTC 2019

On 11/3/19 5:30 PM, David Jones via MailScanner wrote:
> Those Zimbra rules are better than nothing but they aren’t correct on
> lines 88, 93, and 98.  The DMARC specification says that DKIM should
> pass and align with the From: domain OR SPF should pass and align with
> the envelope-from domain.  Those rules at those lines say it’s an AND
> but it should be OR like

You are correct that DMARC requires a valid DKIM signature aligned with
the From: domain OR a valid  SPF ...

SPF itself requires that the envelope from domain's  SPF record permit
the sending server, but DMARC places an additional requirement that the
valid SPF domain, which by definition of SPF is the envelope from
domain, align with the domain of the From: header.

Mark Sapiro <mark at>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list