[dmarc-discuss] FW: Unauthenticated emails being delivered to Google

[MH Michael Hammer (5304) via dmarc-discuss]

> -----Original Message-----
> From: dmarc-discuss [mailto:dmarc-discuss-boun...@dmarc.org] On Behalf 
> Of Anders Wegge Keller via dmarc-discuss
> Sent: Friday, August 01, 2014 2:10 AM
> To: dmarc-discuss@dmarc.org
> Subject: Re: [dmarc-discuss] Unauthenticated emails being delivered to 
> Google
> 
> 
>  As soon as there is a Sender field in the header, it's the SPF and/or 
> DKIM records for the domain in that header, that's used for 
> verification. So in this case you need to work with the forwarder, and 
> make them stop their practice.
> 
> --
> //Wegge
> 

This is an incorrect assertion. SPF looks at the domain in the Mail From (or in 
some cases the EHLO). DKIM uses the domain in the d= field of the DKIM 
signature. The fact that there is a sender field in the message body headers 
does not change this. You may be thinking of SenderID and PRA (which are 
historical).

Mike

_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)