MailScanner and Zimbra
Mark Sapiro
mark at msapiro.net
Mon Nov 4 01:50:45 UTC 2019
On 11/3/19 5:30 PM, David Jones via MailScanner wrote:
> Those Zimbra rules are better than nothing but they aren’t correct on
> lines 88, 93, and 98. The DMARC specification says that DKIM should
> pass and align with the From: domain OR SPF should pass and align with
> the envelope-from domain. Those rules at those lines say it’s an AND
> but it should be OR like
You are correct that DMARC requires a valid DKIM signature aligned with
the From: domain OR a valid SPF ...
SPF itself requires that the envelope from domain's SPF record permit
the sending server, but DMARC places an additional requirement that the
valid SPF domain, which by definition of SPF is the envelope from
domain, align with the domain of the From: header.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list