Matus UHLAR - fantomas:
> > > > > and spf is unapplicable since the envelope from is null.
> > > >
> > > > Isn't that the case with all bounce messages?
> > > Matus UHLAR - fantomas:
> > > usually yes, it should be. But we of course can't guarantee that.
> > >
> > > This also means that SPF can't be used, thus either those messages have
> > > DKIM signatures, or they CAN NOT pass DMARC.
> > On 22.04.22 16:22, David Bürgin wrote:
> > In SPF, when the reverse-path is null, the HELO name is instead
> > verified. So a null reverse-path can work fine with relaxed alignment.
>
> but related to DMARC, this could only be applied in case of the HELO
> being identical to From: domain I guess

If some mail server sends you a bounce message, part of the conversation
will be:

  EHLO mail.mydomain.org
  MAIL FROM:<>
  ...
  From: me <m...@mydomain.org>

When MAIL FROM is empty, SPF will verify the HELO domain (with
local-part ‘postmaster’) instead. In this example, given the proper
setup, mail.mydomain.org would pass SPF, and using the default relaxed
alignment, DMARC would pass based on SPF alone.
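
Added example, not part of the thread: a Python sketch of the check discussed above, showing which identity SPF evaluates when MAIL FROM is null and whether that domain is DMARC-aligned with the From: header under relaxed and strict alignment. The function names, the small suffix set standing in for the Public Suffix List, the sample From: address, and the `spf_result` argument (the verdict the receiver's SPF evaluation already produced) are assumptions made for this example.

```python
from email.utils import parseaddr

# Assumption: tiny stand-in for the Public Suffix List, enough for the samples.
PUBLIC_SUFFIXES = {"org", "com", "net", "co.uk"}

def org_domain(domain):
    """Organizational domain: the longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def spf_identity(helo, mail_from):
    """Return (identity SPF checks, its domain), as in RFC 7208 section 2.4."""
    addr = mail_from.strip().strip("<>")
    if addr == "":
        # Null reverse-path (bounce): SPF uses postmaster@<HELO domain>.
        return "postmaster@" + helo.lower(), helo.lower()
    return addr, addr.rsplit("@", 1)[1].lower()

def dmarc_spf_aligned(helo, mail_from, header_from, spf_result, mode="relaxed"):
    """True if SPF passed and its domain aligns with the From: header domain."""
    if spf_result != "pass":
        return False
    _, spf_domain = spf_identity(helo, mail_from)
    from_domain = parseaddr(header_from)[1].rsplit("@", 1)[1].lower()
    if mode == "strict":
        # Strict alignment: the two domains must be identical.
        return spf_domain == from_domain
    # Relaxed alignment: the organizational domains must match.
    return org_domain(spf_domain) == org_domain(from_domain)

if __name__ == "__main__":
    # Constructed sample modelled on the bounce in the message above.
    helo, mail_from = "mail.mydomain.org", "<>"
    header_from = "me <user@mydomain.org>"  # constructed address
    print(spf_identity(helo, mail_from))
    for mode in ("relaxed", "strict"):
        print(mode, dmarc_spf_aligned(helo, mail_from, header_from, "pass", mode))
```

Under strict alignment the HELO name would have to equal the From: domain exactly, so a bounce sent with this HELO name needs an aligned DKIM signature to pass DMARC in that mode.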