On 26 Apr 2014, at 23:44, Al Iverson <[email protected]> wrote: > Forwarding alone shouldn't be blowing up messages. If you're doing > something to the message content that invalidates the DKIM signature > or causes the the from address and return path to not be aligned, > that's where you're going to run into problems. If you don't modify > the message in any way while forwarding it on, you shouldn't run into > issues due to DMARC.
Well, maybe. If the forwarded message has no DKIM signature but does have a DMARC policy that rejects based on SPF (a scenario that I think the spec is insufficiently clear about highlighting, BTW) then you'll also have problems. Personally I think SPF is against my religion, but I can't publish "v=spf1 +all" while using DMARC; I keep missing that a neutral SPF result can also result in a message being accepted, so I change to "v=spf1 a ?all" (or whatever) so I can get more useful DMARC reports (no rejection, to save the forwarders). If I want reliable support of forwarders I would drop SPF altogether, switch to a reject policy, and exclusively use DKIM. Of course, by using DKIM I can no longer use mailing lists without hacks. But forwarders are more important than lists, maybe? Cheers, Sabahattin _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
