On 08/31/2013 11:55 AM, Scott Kitterman wrote:
> On Saturday, August 31, 2013 14:15:25 John Levine wrote:
>>> So what is the problem here? Misconfiguration on my mail server,
>>> problem with Google's DMARC logic, or a DMARC spec ambiguity?
>>
>> What leads you to conclude that there is a problem?  It sounds like
>> everything worked the way it is supposed to.
> 
> If the hostname of the mail server was a subdomain of the From domain, then 
> maybe not (I don't know, as we don't have enough data).  RFC 4408 says:

No, the hostname of the mail server is not a subdomain of the From
domain. But the mail server is a valid SPF sender for that domain.

>>    ... When the reverse-path is null, this document
>>    defines the "MAIL FROM" identity to be the mailbox composed of the
>>    localpart "postmaster" and the "HELO" identity (which may or may not
>>    have been checked separately before).
> 
> The wording is identical in 4408bis.
> 
> My reading of this is that if an SPF verifier is checking postmaster@HELO 
> when 
> mail from is null, that ought to be treated as a valid mail from result and 
> used by dmarc as an input.
> 
> Given that, if there was identity alignment, DMARC should have accept it.
> 
> What were the domain names in the HELO/server hostname and body from of the 
> message?

The mail from domain name in the body of the message differs from the
HELO/server hostname. But again, the HELO/server hostname is a valid
SPF sender, based on an SPF "a" directive.

Regards,
Raman
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Reply via email to