On Friday, August 01, 2014 08:09:53 Anders Wegge Keller via dmarc-discuss wrote: > On Thu, 31 Jul 2014 22:31:36 +0000 > > "Norman, Jean Marie via dmarc-discuss" <[email protected]> wrote: > > Has anyone experienced unauthenticated emails being delivered to Google > > recipients despite having a DMARC policy (quarantine or reject) in place? > > We have seen evidence that unauthenticated emails (not passing both SPF > > and DKIM) are being delivered to Google, despite a DMARC policy, when > > messages pass through a 'forwarder', as noted by Google. We are trying to > > better understand this behavior and whether or not anyone has found a > > solution? Any insight or recommendations would be appreciated. > > As soon as there is a Sender field in the header, it's the SPF and/or DKIM > records for the domain in that header, that's used for verification. So in > this case you need to work with the forwarder, and make them stop their > practice.
No. DMARC always keys off From. Not Sender. Scott K _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
