Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

* Al Iverson via mailop: > Sorry, Ralph, you're really on the wrong track here. I'm OK with agreeing to disagree, and the discussion in itself has merit even if we have different opinions. I did not claim that my method is suitable for each and every case, however I do know it works nicely for

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

On Fri, Jun 5, 2020 at 6:14 PM Brandon Long wrote: >> This is silly. Stop pushing this. >> >> If every Googler started posting from monksofcool.net then there would >> grow, over time, a population of people who understood that this was a >> Googler domain and those people could potentially be a

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

On Fri, Jun 5, 2020 at 2:25 PM Al Iverson via mailop wrote: > On Fri, Jun 5, 2020 at 2:41 PM Ralph Seichter via mailop > wrote: > > > > * Brandon Long: > > > > > If we leave googlers.com open, then phishers are going to use it to > > > send messages looking like [...] "secur...@googlers.com"

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

* Al Iverson via mailop: > This is silly. Stop pushing this. You may think it "silly", but that won't stop me from using and promoting this method. It is a cheap and easy way to avoid existing problems regarding mailing list use. > If every Googler started posting from monksofcool.net then

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

On Fri, Jun 5, 2020 at 2:41 PM Ralph Seichter via mailop wrote: > > * Brandon Long: > > > If we leave googlers.com open, then phishers are going to use it to > > send messages looking like [...] "secur...@googlers.com" and do what > > they do best. > > One solution to that is not to use

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

In article , Tobias Herkula via mailop wrote: >It is possible to do depending on the sacrifices you are willing to take: > >5321.MailFrom Domain = imp.ch >5322.From Domain = breitband.ch >5322.Sender Domain = imp.ch > >If you run with that you can set DKIM Domain to imp.ch and still send with

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

* Brandon Long: > If we leave googlers.com open, then phishers are going to use it to > send messages looking like [...] "secur...@googlers.com" and do what > they do best. One solution to that is not to use "googlers.com", but to use a domain name with no visible ties to a particular company.

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

On Thu, Jun 4, 2020 at 4:16 PM Ralph Seichter via mailop wrote: > * Brandon Long: > > >> I recommend using separate domains, or subdomains, for regular > >> business and for mailing lists [...] > > > > Why? > > Because something is definitely wron if an email from ra...@mycorp.com > (an address

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

It is possible to do depending on the sacrifices you are willing to take: 5321.MailFrom Domain = imp.ch 5322.From Domain = breitband.ch 5322.Sender Domain = imp.ch If you run with that you can set DKIM Domain to imp.ch and still send with breitband.ch in your From. And alignment should be fine.

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

> Using DMARC p=reject without DKIM is broken anyway. You cannot control > how or where your recipients forward their email (and I promise you > many of them forward it to Gmail from IP addresses that are not in > your SPF record). Yes this is why SRS is being used to re-write the envelope

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

* Brandon Long: >> I recommend using separate domains, or subdomains, for regular >> business and for mailing lists [...] > > Why? Because something is definitely wron if an email from ra...@mycorp.com (an address only used for business) fails SPF or DKIM checks, and I'd like to know about that.

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

Yeah, I agree on the split domain, we’ve had enough trouble with customers getting fooled with off domains. IE F1SERV.COM instead of fiserv.com , et al… There’s enough there in the font specification that I know most coders still trying to find their

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

On Thu, Jun 4, 2020 at 8:28 AM Ralph Seichter via mailop wrote: > * John Levine via mailop: > > > Mailing lists have only been adding subject tags since the 1980s. > > I do not wish to delve into whether these tags are useful or not, but > rewriting subjects or bodies invalidate existing DKIM

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

In article <871rmukg4q@wedjat.horus-it.com> you write: >* John Levine via mailop: > >> Mailing lists have only been adding subject tags since the 1980s. > >I do not wish to delve into whether these tags are useful or not, but >rewriting subjects or bodies invalidate existing DKIM signatures.

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

On Thu, 2020-06-04 at 13:36 +0200, Benoît Panizzon via mailop wrote: > > So I guess using only SPF and DMARC with a reject policy will not work > if the envelope sender and from domain do not align. Using DMARC p=reject without DKIM is broken anyway. You cannot control how or where your

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

* John Levine via mailop: > Mailing lists have only been adding subject tags since the 1980s. I do not wish to delve into whether these tags are useful or not, but rewriting subjects or bodies invalidate existing DKIM signatures. I recommend using separate domains, or subdomains, for regular

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

> On 4 Jun 2020, at 12:36, Benoît Panizzon wrote: > > Hi Laura > >> It is possible, if you are signing with a DKIM d= of the domain in >> the 5321.from address. > > We use only SPF at the moment. There are many systems which send emails > to 'external' recipients with the @imp.ch domain. It

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

In article <20200604112224.gt65...@symphytum.spacehopper.org> you write: >On 2020/06/04 12:05, Andrew C Aitchison via mailop wrote: >> On Thu, 4 Jun 2020, Benoît Panizzon via mailop wrote: >> >> [ Not replying to the list as this may be off topic, >> but you are welcome to bring it back on

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

In article <20200604133652.13ea3...@chewbacca.woody.ch> you write: >So I guess using only SPF and DMARC with a reject policy will not work >if the envelope sender and from domain do not align. If you can't reliably sign with a DKIM signature that matches the From: domain, and you care if your

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

On Thu, 2020-06-04 at 12:06 +0200, Benoît Panizzon via mailop wrote: > Our Support Case System (RT/3) uses a global configured envelope > sender: but depending on the Queue, a different > Header From:supp...@breitband.ch We use RT too and same problem if a queue is whitelabeled to use a client

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

Hi Laura > It is possible, if you are signing with a DKIM d= of the domain in > the 5321.from address. We use only SPF at the moment. There are many systems which send emails to 'external' recipients with the @imp.ch domain. It would take some time to find ways to deploy DKIM in this very mixed

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

On 2020/06/04 12:05, Andrew C Aitchison via mailop wrote: > On Thu, 4 Jun 2020, Benoît Panizzon via mailop wrote: > > [ Not replying to the list as this may be off topic, > but you are welcome to bring it back on list if you wish. ] Unfortunately this is one of those mailing lists using

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

On Thu, 4 Jun 2020, Benoît Panizzon via mailop wrote: [ Not replying to the list as this may be off topic, but you are welcome to bring it back on list if you wish. ] Hi Gang Tanks for the various feedback, learning a log :-) I found one issue caused by domain alignment in DMARC. Looking

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

> On 4 Jun 2020, at 11:06, Benoît Panizzon via mailop wrote: > > Hi Gang > > Tanks for the various feedback, learning a log :-) I found one issue > caused by domain alignment in DMARC. > > We use two domains: > > imp.ch (our company) > breitband.ch (our service brand) > > Our Support Case

[mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

Hi Gang Tanks for the various feedback, learning a log :-) I found one issue caused by domain alignment in DMARC. We use two domains: imp.ch (our company) breitband.ch (our service brand) Our Support Case System (RT/3) uses a global configured envelope sender: but depending on the Queue, a