Re: [dmarc-discuss] How to avoid messages rejection because of DMARC when sent through Gmail alias?

Mon, 18 Mar 2013 16:11:31 -0700 

I'm not John, but yes, there are well-understood ways to use third parties to 
send mail on behalf of your domain with p=reject, covered in the FAQ at 
http://dmarc.org/faq.html#s_14

This becomes much trickier -- arguably impossible to do safely -- if the third 
party is not a willing and contractually bound participant in this undertaking.

        Elizabeth

On Mar 18, 2013, at 3:05 PM, Rolf E. Sonneveld wrote:

> John,
> 
> On 03/18/2013 09:02 PM, John R Levine wrote:
>>> But I still not sure . Is that possible to send from another host like
>>> Gmail with Good DKIM,SPF and DMARC reject policy or not?
>> 
>> No, it is not.
> 
> I assume your answer is based on the 'like Gmail' part of the question? 
> If we leave out 'like Gmail' from the above question, it seems to me the 
> answer is 'no for DKIM', 'yes' for SPF and hence 'yes' for DMARC?
> 
> As for DKIM: when the private key is kept safe and is not shared with 
> third parties, there is no way that mail sent from another host yields a 
> valid DKIM signature for that domain (assuming that DNSSEC is deployed 
> for the domain/resource records for that particular domain).
> 
> As for SPF: it is no problem to include IP addresses from third parties 
> within the SPF DNS entry for a domain. This means mail sent via a third 
> party host can still result in an 'SPF Authenticated Identifier'.
> 
> As for DMARC: if the SPF 'Authenticated Identifier' is in alignment with 
> the RFC5322.From domain, the message passes the DMARC mechanism check 
> and a DMARC reject policy does not apply.
> 
> Or am I misinterpreting the DMARC spec?
> 
> /rolf
> 
> _______________________________________________
> dmarc-discuss mailing list
> [email protected]
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
> 
> NOTE: Participating in this list means you agree to the DMARC Note Well terms 
> (http://www.dmarc.org/note_well.html)


_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Reply via email to