On 22.11.19 07:24, Richard Damon wrote:
Base SPF works through a traditional forwarder, because the base rules for SPF allow the message to pass based on the domain of the Sender: header, not just the From:. A proper forwarder will add a Sender: header for itself, to indicate that while it was not the originator of the message, it was the last one to send it. DMARC changes the rules for SPF, and says that the message must align with the From: header, based on the idea that most mail readers don't show you that sender does not equal from.
SPF is designed to work with envelope addresses, not headers. Any forwarder that keeps envelope address (which is common for .forward files or MTA-level mail aliases) thus breaks spf unless measures are made. And this it the main problem with SPF enforcement. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I wonder how much deeper the ocean would be without sponges.