In article <CAAQnKjCyQapy2zKt85OBUhtc5wRja5LRfaoZDtAiW5p=8dy...@mail.gmail.com> you write: >Dumb question time. In that scenario, if mail is forwarded with the >DKIM signature intact, would that be good enough to still pass DMARC? >Or will it fail because SPF now fails?
Assuming no gratuitous changes to the message, yes. But I've found a dismaying number of people only using SPF and publishing p=reject anyway. As someone else noted, this is really a bug in the configuration, since the system doing the DMARC evaluation should do it relative to the MX, not some later hop. R's, John -- Regards, John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)