Hi, >> >> Can someone help me understand why this auto-away message failed >> >> the DMARC tests? >> >> >> >> http://pastebin.com/wXhxex92 >> >> >> >> It looks like it passed through an AOL MX, yet SPF still failed. >> > >> > It didn't fail SPF, it failed to pass because there's no envelope >> > sender address. >> >> DMARC think in alignments. Authentication for SPF or DKIM (or both) >> must be aligned with RFC5322.From. >> >> SPF bind RFC5321.MailFrom to an Entiry. For any >> DeliveryStatusNotification or Autoresonder the RFC5321.MailFrom is >> required to be empty. So SPF *never* could be aligned to >> RFC5322.From for such messages. > > FWIW automated replies are allowed to have a null address, but > it's not required. > > The important thing is that this one didn't. > >> The only way to generate a DMARC=pass is DKIM. A domainowner has to >> DKIM-sign DeliveryStatusNotification or Autoresonder in alignement >> to the RFC5322.From. > > I assume the OP knows why it didn't pass DKIM since he specifically > mentioned SPF.
No, I really don't understand. I have a basic understanding of DKIM/DMARC and understand it's dependent upon SPF, which is why I mentioned that. If I recall, these are treated essentially as DSNs, correct? In these cases, the From is null. So ultimately who's at fault here for causing this to fail? AOL? What should have been done to prevent it?
