> On May 23, 2026, at 1:52 PM, John Levine via mailop <[email protected]> wrote: > > It appears that Dan Mahoney via mailop <[email protected] > <mailto:[email protected]>> said: >> Hey guys, this looks like a fun one. >> >> I have a user, Jack Zito. He owns jackzito.com <http://jackzito.com/>, for >> whom i host a vanity domain. Jack wants to forward his mail to hotmail, >> and hotmail has removed the ability to check external accounts (google's >> also removing this option). >> >> There's a fashion brand, Vitaly, that's sending jack email. It comes with a >> VERPified sender. I forward it on, not modifying >> either the body or the MAIL FROM so I don't break DKIM signatures. >> According to microsoft, it passes DKIM and DMARC (not >> SPF). They still bounce it. > > Yeah, they have a new rule that both SPF and DKIM have to pass. It might > work if you change the > envelope address to one you control so the SPF is OK, or it might not.
(Sorry for the somewhat delayed response, had my head deep in other DMARC'y things). This seems like just the problem that SRS is supposed to solve. <<< 550 5.7.515 Access denied, sending domain GEEKSOUTFIT.COM <http://geeksoutfit.com/> doesn't meet the required authentication level. The sender's domain in the 5322.From address doesn't meet the authentication requirements defined for the sender. To learn how to fix this see: https://go.microsoft.com/fwlink/p/?linkid=2319303 Spf= Fail , Dkim= Pass , DMARC= Pass [SA1PR19MB5214.namprd19.prod.outlook.com <http://sa1pr19mb5214.namprd19.prod.outlook.com/> 2026-06-07T15:00:43.133Z 08DEC466AEF18D4B] [CH0P221CA0031.NAMP221.PROD.OUTLOOK.COM <http://ch0p221ca0031.namp221.prod.outlook.com/>2026-06-07T15:00:43.173Z 08DEC456A262BDEA] [CH2PEPF00000142.namprd02.prod.outlook.com <http://ch2pepf00000142.namprd02.prod.outlook.com/> 2026-06-07T15:00:43.176Z 08DEC3EB5E87E482] 554 5.0.0 Service unavailable So I guess I'm going to be rewriting both the envelope *and* the From: header. I'd be concerned about breaking VERP here, but...see earlier in this thread, VERP replies just double-bounce. I hope Jack doesn't want to actually, yanno...REPLY to any mail when there's no reply-to: header. My normal advice would be to tell Jack to just use the "check external account" function in the web client, but both MS and GM have removed/are removing this. Cool. Cool cool cool. -Dan
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
