On 08/03/2013 08:05 PM, DSH wrote:
> What is puzzling to me is the fact that the mail that fails the SPF
> check apparently passes the DKIM check. I would think that if it
> passed the DKIM check then it would have to have come from my server
> so it should also pass the SPF check and it doesn’t.  Is there a
> scenario other than someone having my private key file that would
> account for such a result?

Absolutely. I expect such a scenario happens many times each day.

What does SPF tell you? It tells you whether or not the host sending the message is included in a list of hosts authorized to send messages using a given domain.

What does forwarding look like? A message received by one host is sent on to a recipient on another host - usually initiated by the recipient, and often invisible to the original sender. But either way, to that second receiving host it looks like the message originated from the intermediate host in the context of an SMTP transaction. Plain old SPF doesn't survive this kind of forwarding, because the SPF check is being performed against an intermediate host the owner of the sending domain hasn't authorized.

What does DKIM do? DKIM attaches a digital signature to a message based on the message body and some headers. If the message is forwarded, then so long as the forwarding host doesn't change the message body or the signed headers, the message should still verify successfully.


So it's entirely reasonable for a message that fails SPF due to recipient-driven forwarding to still pass a DKIM check. And if your DKIM check didn't pass due to some transient DNS issue, perhaps your SPF check already did because it was done before the glitch. This potential synergy is often a big part of why you'll see recommendations to use both systems together.

--S.

_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)
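
An added example, not part of the original message: a simplified model of the two checks described in the reply, evaluated for a direct delivery, an unchanged forward, and a forward that alters the body. It assumes a keyed HMAC as a stand-in for DKIM's public-key signature so that it runs on the standard library alone; the domains, addresses, key and message are constructed.

```python
import hashlib, hmac, ipaddress

# Constructed sample data: domain, address range and key are placeholders.
SPF_AUTHORIZED = {"example.org": ["192.0.2.0/24"]}
DKIM_KEY = b"constructed-demo-key"   # stand-in for the signer's key pair
SIGNED_HEADERS = ("from", "subject", "date")

def spf_pass(mail_from_domain, connecting_ip):
    """SPF: is the connecting host in the domain's list of authorized hosts?"""
    ip = ipaddress.ip_address(connecting_ip)
    nets = SPF_AUTHORIZED.get(mail_from_domain, [])
    return any(ip in ipaddress.ip_network(n) for n in nets)

def _digest(headers, body):
    # Covers only the signed headers plus a hash of the body, nothing else.
    bh = hashlib.sha256(body.encode()).hexdigest()
    data = "".join(f"{h}:{headers[h].strip()}\r\n" for h in SIGNED_HEADERS) + bh
    return hmac.new(DKIM_KEY, data.encode(), hashlib.sha256).hexdigest()

def dkim_sign(msg):
    signed = dict(msg, headers=dict(msg["headers"]))
    signed["headers"]["dkim-signature"] = _digest(msg["headers"], msg["body"])
    return signed

def dkim_pass(msg):
    sig = msg["headers"].get("dkim-signature", "")
    return hmac.compare_digest(sig, _digest(msg["headers"], msg["body"]))

def forward(msg, footer=""):
    """Intermediate host relays the message: new Received header, optional body change."""
    fwd = dict(msg, headers=dict(msg["headers"]), body=msg["body"] + footer)
    fwd["headers"]["received"] = "from mx.example.org by forwarder.example.net"
    return fwd

def evaluate(msg, connecting_ip, mail_from_domain="example.org"):
    # The receiver sees the forwarder's IP but the original envelope domain.
    return {"spf": spf_pass(mail_from_domain, connecting_ip), "dkim": dkim_pass(msg)}

original = dkim_sign({"headers": {"from": "sender@example.org", "subject": "hello",
                                  "date": "Sat, 03 Aug 2013 20:05:00 -0400"},
                      "body": "Message text.\r\n"})
direct = evaluate(original, "192.0.2.10")                # sent by an authorized host
forwarded = evaluate(forward(original), "198.51.100.7")  # relayed unchanged
rewritten = evaluate(forward(original, "-- footer\r\n"), "198.51.100.7")  # body altered
print(direct, forwarded, rewritten, sep="\n")
```

The middle case is the one asked about: the signature still verifies because the signed content is intact, while SPF fails because the connecting host is the forwarder.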
