John,
On 03/18/2013 09:02 PM, John R Levine wrote:
>> But I am still not sure. Is it possible to send from another host like
>> Gmail with good DKIM, SPF and DMARC reject policy or not?
> No, it is not.
I assume your answer is based on the 'like Gmail' part of the question?
If we leave out 'like Gmail' from the above question, it seems to me the
answer is 'no for DKIM', 'yes' for SPF and hence 'yes' for DMARC?
As for DKIM: when the private key is kept safe and is not shared with
third parties, there is no way that mail sent from another host yields a
valid DKIM signature for that domain (assuming that DNSSEC is deployed
for the domain/resource records for that particular domain).
As for SPF: it is no problem to include IP addresses from third parties
within the SPF DNS entry for a domain. This means mail sent via a third
party host can still result in an 'SPF Authenticated Identifier'.
As for DMARC: if the SPF 'Authenticated Identifier' is in alignment with
the RFC5322.From domain, the message passes the DMARC mechanism check
and a DMARC reject policy does not apply.
Or am I misinterpreting the DMARC spec?
/rolf
_______________________________________________
dmarc-discuss mailing list
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
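The DMARC check discussed in the message above, as an added example that is not part of the original post: a message passes when either the SPF or the DKIM authenticated identifier aligns with the RFC5322.From domain, so every address range a domain lists in its SPF record is in scope when reviewing who can pass under p=reject. The domains, address ranges, function names and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: documentation address ranges and example domains.
SPF_RECORDS = {
    # The second range stands for a third-party sender the domain owner listed.
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/24 -all",
    "other.test": "v=spf1 ip4:203.0.113.0/24 -all",
}

def org_domain(domain):
    # Assumption: organizational domain = last two labels.
    # Real evaluators use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def spf_pass(client_ip, mail_from_domain):
    # Only ip4:/ip6: and "all" are handled; include:, a, mx, redirect are out of scope.
    ip = ipaddress.ip_address(client_ip)
    for term in SPF_RECORDS.get(mail_from_domain, "").split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ip.version == net.version and ip in net:
                return qualifier == "+"
        elif mech == "all":
            return qualifier == "+"
    return False

def dmarc_evaluate(from_domain, policy, client_ip, mail_from_domain, dkim_valid_domains=()):
    """dkim_valid_domains: d= domains whose signatures verified (verification not shown)."""
    spf_ok = spf_pass(client_ip, mail_from_domain) and aligned(mail_from_domain, from_domain)
    dkim_ok = any(aligned(d, from_domain) for d in dkim_valid_domains)
    passed = spf_ok or dkim_ok  # one aligned identifier is enough
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if passed else "fail",
            "disposition": "none" if passed else policy}

if __name__ == "__main__":
    # Listed third-party host, no DKIM signature: passes despite p=reject.
    print(dmarc_evaluate("example.com", "reject", "198.51.100.25", "example.com"))
    # SPF passes for an unrelated MAIL FROM domain, but it is not aligned: rejected.
    print(dmarc_evaluate("example.com", "reject", "203.0.113.9", "other.test"))
```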