On 2021-08-13 at 08:05:44 UTC-0400 (Fri, 13 Aug 2021 08:05:44 -0400)
<post...@ptld.com>
is rumored to have said:
Raf,
Im confused by this, i thought as long as either dkim or spf passes
then dmarc passes. But i still see dmarc fails.
Envelope-From: dovecot-boun...@dovecot.org
Header From: some...@netcourrier.com
DKIM: bad signature data
DMARC: SPF(mailfrom): dovecot.org pass
DMARC: netcourrier.com fail
Shouldn't dmarc pass with the good SPF?
Not with the MailFrom domain that doesn't align to the header From
address.
Domain alignment is essential to DMARC. DMARC always refers to the From
header domain. SPF validates the envelope sender (MailFrom) domain. DKIM
can validate any domain, even one not used anywhere else in the message.
For DMARC to succeed, the From header domain must align with a domain
whose validation mechanism succeeds.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire