Murray Kucherawy <[email protected]> wrote:
>On 3/19/13 4:33 PM, "Scott Kitterman" <[email protected]> wrote:
>>On Tuesday, March 19, 2013 06:21:34 PM [email protected] wrote:
>>> How should DMARC consider SPF Alignments when a message has been
>>> forwarded with SRS
>>>
>>> from: <[email protected]>
>>> return path: <[email protected]>
>>>
>>> If this wasn't SRS forwarded, this will normally be in Strict
>>> Alignment, since it's been forwarded with SRS, does that break the
>>> alignment or is it unwound to be in strict alignment again?
>>
>>It's not unwound, but it doesn't matter. If you consider SRS, unwind it,
>>and use the original domain, SPF itself will fail, so you'll be aligned,
>>but with SPF fail. No luck there. With SRS, you end up with SPF pass, but
>>unaligned. No luck for DMARC there.
>
>The only thing I can think of is an SPF module that also evaluates SRS
>and, if SRS passes, reports that the SRS domain (the original) is the one
>SPF verified, and not the one in the MAIL FROM of the arriving message.
>There's experimental precedent for this kind of thing; see Section 6 of
>RFC6541.
>
>So it really depends on how your SPF/SRS (and DKIM) implementations report
>results to the DMARC implementation.

Although if you trust the remote host enough to believe it's not lying about using SRS, you probably trust it enough not to worry about DMARC verification.

Scott K
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
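
The two outcomes discussed in the thread (SPF pass but unaligned with SRS, aligned but SPF fail when the SRS address is unwound) can be reproduced with a small model of DMARC's SPF leg. This is an added example, not code from the thread or from any DMARC implementation; the domains, IP addresses, SPF table and function names are constructed assumptions, and only strict alignment is modelled.

```python
import re

# Constructed SPF data (assumption): sending IPs each domain authorizes.
SPF_AUTHORIZED = {
    "sender.example": {"192.0.2.10"},
    "forwarder.example": {"198.51.100.20"},
}

# SRS0 local part layout: SRS0=<hash>=<timestamp>=<original domain>=<original local part>
SRS0_RE = re.compile(r"^SRS0[=+-]([^=]+)=([^=]+)=([^=]+)=(.+)$", re.IGNORECASE)

# Constructed sample addresses for the forwarding scenario.
HEADER_FROM = "user@sender.example"
SRS_MAIL_FROM = "SRS0=HHH=TT=sender.example=user@forwarder.example"
FORWARDER_IP = "198.51.100.20"


def domain_of(address):
    return address.rsplit("@", 1)[1].lower()


def srs_unwind(address):
    """Return the original address carried in an SRS0 local part, or None."""
    local, _, _ = address.rpartition("@")
    m = SRS0_RE.match(local)
    return f"{m.group(4)}@{m.group(3)}" if m else None


def spf_check(domain, client_ip):
    """Toy SPF: pass only if the domain authorizes the connecting IP."""
    return "pass" if client_ip in SPF_AUTHORIZED.get(domain, set()) else "fail"


def dmarc_spf(header_from, mail_from, client_ip, unwind=False):
    """DMARC's SPF leg, strict mode: needs SPF pass AND identical domains."""
    if unwind:
        # Note: the SRS hash is not verified here; a real unwinder must check it.
        mail_from = srs_unwind(mail_from) or mail_from
    spf_domain = domain_of(mail_from)
    spf = spf_check(spf_domain, client_ip)
    aligned = spf_domain == domain_of(header_from)
    return {"spf": spf, "aligned": aligned, "dmarc_spf_pass": spf == "pass" and aligned}


if __name__ == "__main__":
    print("direct   ", dmarc_spf(HEADER_FROM, HEADER_FROM, "192.0.2.10"))
    print("SRS as-is", dmarc_spf(HEADER_FROM, SRS_MAIL_FROM, FORWARDER_IP))
    print("unwound  ", dmarc_spf(HEADER_FROM, SRS_MAIL_FROM, FORWARDER_IP, unwind=True))
```

In both forwarded cases the SPF leg of DMARC fails, so a forwarded message relies on a surviving aligned DKIM signature.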
