Relaxed alignment means the identifier domain (SPF or DKIM) have the same organizational domain as the domain in the RFC5322.From.
On Tue, Feb 9, 2016 at 1:36 PM, Brotman, Alexander via dmarc-discuss < [email protected]> wrote: > Hello, > > I have a question about how to interpret a message for DMARC validation, > relating to section 3.1.1, specifically: > > To illustrate, in relaxed mode, if a validated DKIM signature > successfully verifies with a "d=" domain of "example.com", and the > RFC5322.From address is "[email protected]", the DKIM "d=" > domain and the RFC5322.From domain are considered to be "in > alignment". In strict mode, this test would fail, since the "d=" > domain does not exactly match the FQDN of the address. > > We've encountered a situation where a sender has a DMARC record, and > they've signed the message with "d=sub.example.com", and the 5322 From > Domain is "example.com". The record does not specify an adkim value, so > it should default to relaxed. > > I'm reading the above as the "relaxed" selector should apply to " > sub.example.com" and something like "foo.sub.example.com", but not to " > example.com". From the way the above reads, this part of the validation > should fail as there isn't a valid DKIM signature available for the 5322 > domain. Is this correct? > > Thank you > > -- > Alex Brotman > Engineer, Anti-Abuse > Comcast > x5364 > > > > _______________________________________________ > dmarc-discuss mailing list > [email protected] > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well > terms (http://www.dmarc.org/note_well.html) >
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
