On 2017-02-09 08:54:09 (-0800), Alan Hodgson <ahodg...@lists.simkin.ca> wrote: > On Thursday 09 February 2017 10:15:17 Philip Paeps wrote: > > Also note that DMARC breaks forwarding like this (or forwarding > > breaks DMARC, depending on your religious affiliation). You can get > > around SPF as long as your envelope matches your relay but for > > DMARC, the From: domain also needs to be aligned. > > Forwarding does not break DMARC. A DMARC pass requires that either SPF > or DKIM pass, not both.
I stand corrected. Thank you for refreshing my memory. It's been a while since I looked at DMARC in detail. > Forwarding only breaks DMARC if you modify the message and break the > DKIM signature. Mailing lists that modify the Subject header or body, > for instance, break DMARC. Normal forwarding does not. Correct. Stupid forwarders only break SPF, not DKIM. So DMARC will not break any more than SPF already will. > Forwarding is still a terrible idea, of course. Spam has killed > forwarding, IMO. Absolutely agreed -- unless you have complete control over the receiving end. I don't mind phi...@freebsd.org forwarding to phi...@trouble.is because I can whitelist the forwarder. Forwarding *@trouble.is to a mailbox @google.com or @hotmail.com or @yahoo.com on the other hand would be a catastrophically bad idea. Philip -- Philip Paeps Senior Reality Engineer Ministry of Information _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
