On Friday, August 01, 2014 10:46:08 Anders Wegge Keller via dmarc-discuss wrote: > On Fri, 01 Aug 2014 03:27:42 -0400 > > Scott Kitterman via dmarc-discuss <[email protected]> wrote: > > On Friday, August 01, 2014 08:09:53 Anders Wegge Keller via dmarc-discuss > > > > wrote: > >> On Thu, 31 Jul 2014 22:31:36 +0000 > >> > >> As soon as there is a Sender field in the header, it's the SPF and/or > >> > >> DKIM records for the domain in that header, that's used for > >> verification. So in this case you need to work with the forwarder, and > >> make them stop their practice. > > > > No. DMARC always keys off From. Not Sender. > > In that case, gmail (Which is the case mentioned by the OP) must divert > from that. I have experimentally found that adding a Sender, and > DKIM-signing with the senders domain, will lead to acceptance of the mail, > even when from is @gmail.com: > > Authentication-Results: mx.google.com; > spf=pass (google.com: domain of [email protected] designates \ > 5.9.72.151 as permitted sender) [email protected]; > dkim=pass [email protected] > > Also, I fail to see how mailing lists could work otherwise, as they > routinely change several of the signed header fields.
They don't. That's one of the major reasons why the IETF is considering kicking off a new DMARC related working group. Scott K _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
