'Re: Validation DMARC'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postfix-users
Subject:    Re: Validation DMARC
From:       "Wesley Peng" <wesley () thepeng ! eu>
Date:       2019-11-25 2:23:15
Message-ID: 29f67a4b-158e-4b1e-a349-206eb2ac3dce () www ! fastmail ! com
[Download RAW message or body]

That's great explation. Thanks Richard.

On Mon, Nov 25, 2019, at 7:33 AM, Richard Damon wrote:
> On 11/24/19 6:21 PM, Wesley Peng wrote:
> > Why it doesn't break From: header SPF? Just curious 
> >
> > On Mon, Nov 25, 2019, at 4:12 AM, Chris Wedgwood wrote:
> >> > Or in short: DMARC intentionally breaks every mailinglist and every
> >> > mail-forwarding. So, if a mail-provider uses a strict DMARC-policy,
> >> > it effectively says: "Our mail-addresses may not be used for
> >> > mailinglists."
> >>
> >> this message (i am replying to) from you on this mailing list is not
> >> broken
> >>
> It DOES break DMARC/SPF, as the IP address the message comes from
> doesn't match the From of the message, but with DMARC if EITHER SPF or
> DKIM pass, the message is to be considered to pass.
> 
> A Domain with strict DMARC, and which doesn't DKIM sign messages, will
> fail with any form of remailer, so would fail for this application.
> 
> -- 
> Richard Damon
> 
> 
[Attachment #3 (text/html)]

<!DOCTYPE html><html><head><title></title><style \
type="text/css">p.MsoNormal,p.MsoNoSpacing{margin:0}</style></head><body><div>That's \
great explation. Thanks Richard.</div><div><br></div><div>On Mon, Nov 25, 2019, at \
7:33 AM, Richard Damon wrote:<br></div><blockquote type="cite" id="qt"><div>On \
11/24/19 6:21 PM, Wesley Peng wrote:<br></div><div>&gt; Why it doesn't break From: \
header SPF? Just curious&nbsp;<br></div><div>&gt;<br></div><div>&gt; On Mon, Nov 25, \
2019, at 4:12 AM, Chris Wedgwood wrote:<br></div><div>&gt;&gt; &gt; Or in short: \
DMARC intentionally breaks every mailinglist and every<br></div><div>&gt;&gt; &gt; \
mail-forwarding.&nbsp; So, if a mail-provider uses a strict \
DMARC-policy,<br></div><div>&gt;&gt; &gt; it effectively says: "Our mail-addresses \
may not be used for<br></div><div>&gt;&gt; &gt; \
mailinglists."<br></div><div>&gt;&gt;<br></div><div>&gt;&gt; this message (i am \
replying to) from you on this mailing list is not<br></div><div>&gt;&gt; \
broken<br></div><div>&gt;&gt;<br></div><div>It DOES break DMARC/SPF, as the IP \
address the message comes from<br></div><div>doesn't match the From of the message, \
but with DMARC if EITHER SPF or<br></div><div>DKIM pass, the message is to be \
considered to pass.<br></div><div><br></div><div>A Domain with strict DMARC, and \
which doesn't DKIM sign messages, will<br></div><div>fail with any form of remailer, \
so would fail for this \
application.<br></div><div><br></div><div>--&nbsp;<br></div><div>Richard \
Damon<br></div><div><br></div><div><br></div></blockquote></body></html>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic