If final recipient see dkim fail blame the forward host
Sendt fra Samsung mobil
-------- Oprindelig meddelelse --------
Fra: Miles Fidelman <[email protected]>
Dato:2014/04/27 00.49 (GMT+01:00)
Til: [email protected]
Emne: Re: [dmarc-discuss] DMARC woes - forwarding signed / encrypted
e-mail
Not true. If you forward a message with From: <[email protected]>, then it
will fail DMARC p=reject, the From: address will not "align" with the
forwarding server.
Miles Fidelmn
Al Iverson wrote:
> Forwarding alone shouldn't be blowing up messages. If you're doing
> something to the message content that invalidates the DKIM signature
> or causes the the from address and return path to not be aligned,
> that's where you're going to run into problems. If you don't modify
> the message in any way while forwarding it on, you shouldn't run into
> issues due to DMARC.
>
> Regards,
> Al Iverson
>
> On Sat, Apr 26, 2014 at 4:30 PM, Paul Scott <[email protected]> wrote:
>> I run a number of web sites where users wish to have their e-mail address
>> with their own domain name. Some of these users (quite a few) do not read or
>> send mail through their web site or via their own domain server; rather they
>> wish their mail to be forwarded to a free mail account such as Yahoo! or
>> Gmail.
>>
>> Of course, the problems encountered with such a configuration have been
>> discussed on this list. And, I have independently arrived at a solution I
>> now see has been discussed: before forwarding incoming mail, munge the From:
>> header to match the forwarding server, and copy the sender’s e-mail address
>> to a Reply-To: header. Aside from being extremely ugly -- and problematic on
>> a perception level — it is also unworkable when the original sender’s e-mail
>> has been signed or encrypted.
>>
>> With signed or encrypted mail, the sender’s e-mail address no longer matches
>> their certificate so the validation fails.
>>
>> I don’t see any solution to this problem other than abandoning DMARC.
>> Unfortunately, a lot of organizations have adopted it, and the community
>> suffers as a result. Honestly, I don’t think DMARC was thought-out before it
>> was implemented. If I’m wrong, please set me straight and show me a solution.
>>
>> Thanks,
>> Paul
>>
>>
>>
>>
>> _______________________________________________
>> dmarc-discuss mailing list
>> [email protected]
>> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>>
>> NOTE: Participating in this list means you agree to the DMARC Note Well
>> terms (http://www.dmarc.org/note_well.html)
>
>
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
