On 2021-08-13 at 08:05:44 UTC-0400 (Fri, 13 Aug 2021 08:05:44 -0400)
<[email protected]>
is rumored to have said:
Raf,
Im confused by this, i thought as long as either dkim or spf passes
then dmarc passes. But i still see dmarc fails.
Envelope-From: [email protected]
Header From: [email protected]
DKIM: bad signature data
DMARC: SPF(mailfrom): dovecot.org pass
DMARC: netcourrier.com fail
Shouldn't dmarc pass with the good SPF?
Not with the MailFrom domain that doesn't align to the header From
address.
Domain alignment is essential to DMARC. DMARC always refers to the From
header domain. SPF validates the envelope sender (MailFrom) domain. DKIM
can validate any domain, even one not used anywhere else in the message.
For DMARC to succeed, the From header domain must align with a domain
whose validation mechanism succeeds.
--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
