On Fri, 5 May 2017 14:51:32 +0000 David Jones wrote: > >I know. I do not want to validate the envelope from with DKIM. I > >just want to know if the mail was DKIM-VALID signed by the DOMAIN > >used in the envelopefrom. > > >So the only thing I want with the envelop from is to extract the > >domain and test if the mail was DKIM signed (and valid) by that > >domain. > > >This tells me the envelope from is not some random spoofed address, > >but actually controlled by someone who handled the e-mail before it > >arrived at our mta. > > This actually would be a very useful rule/logic to add to SA: > https://blog.returnpath.com/why-passing-and-aligning-both-spf-and-dkim-is-key-to-email-deliverability/
So what would be the point in running a separate DKIM test against the envelope if you are looking for alignment. > When both align, it should be a very good candidate for whitelist_auth > based on the sender domain reputation. If it passes DKIM and the domain has a good reputation then what difference would alignment make.