Hello, I have a question about how to interpret a message for DMARC validation, relating to section 3.1.1, specifically:
To illustrate, in relaxed mode, if a validated DKIM signature successfully verifies with a "d=" domain of "example.com", and the RFC5322.From address is "[email protected]", the DKIM "d=" domain and the RFC5322.From domain are considered to be "in alignment". In strict mode, this test would fail, since the "d=" domain does not exactly match the FQDN of the address. We've encountered a situation where a sender has a DMARC record, and they've signed the message with "d=sub.example.com", and the 5322 From Domain is "example.com". The record does not specify an adkim value, so it should default to relaxed. I'm reading the above as the "relaxed" selector should apply to "sub.example.com" and something like "foo.sub.example.com", but not to "example.com". From the way the above reads, this part of the validation should fail as there isn't a valid DKIM signature available for the 5322 domain. Is this correct? Thank you -- Alex Brotman Engineer, Anti-Abuse Comcast x5364 _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
