On Fri, 01 Aug 2014 03:27:42 -0400
Scott Kitterman via dmarc-discuss <[email protected]> wrote:
> On Friday, August 01, 2014 08:09:53 Anders Wegge Keller via dmarc-discuss
> wrote:
>> On Thu, 31 Jul 2014 22:31:36 +0000
>> As soon as there is a Sender field in the header, it's the SPF and/or
>> DKIM records for the domain in that header, that's used for
>> verification. So in this case you need to work with the forwarder, and
>> make them stop their practice.
> No. DMARC always keys off From. Not Sender.
In that case, gmail (Which is the case mentioned by the OP) must divert
from that. I have experimentally found that adding a Sender, and
DKIM-signing with the senders domain, will lead to acceptance of the mail,
even when from is @gmail.com:
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [email protected] designates \
5.9.72.151 as permitted sender) [email protected];
dkim=pass [email protected]
Also, I fail to see how mailing lists could work otherwise, as they
routinely change several of the signed header fields.
--
//Wegge
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
