On 2022-05-09 at 17:28:59 UTC-0400 (Mon, 09 May 2022 21:28:59 +0000) Laurent S. <110ef9e3086d8405c2929e34be5b4...@protonmail.ch> is rumored to have said:
> On Monday, May 9th, 2022 at 20:35, Alex <mysqlstud...@gmail.com> wrote: > > >> I'm trying to understand why this email from a bank fails DMARC when >> mxlookup says the DMARC record is just fine. >> https://pastebin.com/0T4Gjn3v >> > >> * 1.8 DMARC_REJECT DMARC reject policy >> * 6.0 KAM_DMARC_REJECT DKIM has Failed or SPF has failed on the message >> * and the domain has a DMARC reject policy >> > >> It also passes SPF and DKIM > > As far as I understand, for DMARC to be valid, the enveloppe sender address > and the header From needs to have the same domain. Not so. One of SPF (using the domain of the envelope sender) or DKIM (using the domain of the signature) must validate AND the domain used in the validation must match the domain of the author identified by the From header. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
