On Tue, Jul 22, 2025 at 4:29 PM Murray S. Kucherawy <[email protected]> wrote:
> On Tue, Jul 22, 2025 at 4:41 PM Dave Crocker <[email protected]> wrote: > >> This appears to be derived from DMARC, except that DMARC only mandates >> this when SPF is used. The current work seeks to mandate it always. So >> it requires both Mail From and From: to be aligned with the (same?) >> signature. >> > > Can you point me to the SPF-specific constraint? I thought DMARC required > alignment for both SPF and DKIM in order to consider their "pass" results > as usable. That is, a passing DKIM signature for a domain unrelated to the > RFC5322.From domain is discarded by DMARC. > > I know it's been a few days, but I scanned subsequent posts in this thread and I didn't see anyone respond to Murray's statement here. DMARC (RFC 7489) and DMARCbis both only require that one Authenticated Identifier pass and align with the RFC5322.From in order to achieve a DMARC pass. Put another way, SPF must pass and the RFC5321.MailFrom domain must align with the RFC5322.From domain OR DKIM must pass and the DKIM signing domain must align with the RFC5322.From domain. https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-41.html#name-determine-dmarc-pass-or-fai -- Todd Herr Some Guy in VA LLC [email protected] 703-220-4153
_______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
