On 3/19/13 4:33 PM, "Scott Kitterman" <[email protected]> wrote: >On Tuesday, March 19, 2013 06:21:34 PM [email protected] wrote: >> How should DMARC consider SPF Alignments when a message has been >>forwarded >> with SRS >from: <[email protected]> >> >> >return path: <[email protected]> If >> >> this wasn't SRS forwarded, this will normally be in Strict Alignment, >> since it's been forwarded with SRS, does that break the alignment or is >>it >> unwound to be in strict alignment again? > >It's not unwound, but it doesn't matter. If you consider SRS, unwind it, >and >use the original domain, SPF itself will fail, so you'll be aligned, but >with >SPF fail. No luck there. With SRS, you end up with SPF pass, but >unaligned. >No luck for DMARC there.
The only thing I can think of is an SPF module that also evaluates SRS and, if SRS passes, reports that the SRS domain (the original) is the one SPF verified, and not the one in the MAIL FROM of the arriving message. There's experimental precedent for this kind of thing; see Section 6 of RFC6541. So it really depends on how your SPF/SRS (and DKIM) implementations report results to the DMARC implementation. -MSK _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
