Am 21.12.2017 um 01:37 schrieb Brandon Long via dmarc-discuss: > For bounces (ie, empty MAIL FROM), the EHLO argument is used for the SPF > lookup, so it is technically possible for there to be a valid SPF record.
Hello Brandon, I wasn't aware of that. But https://tools.ietf.org/html/rfc7489#section-3.1 is pretty clear: while [SPF] can authenticate either the domain that appears in the RFC5321.MailFrom (MAIL FROM) portion of [SMTP] or the RFC5321.EHLO/HELO domain, or both and here are the requested rDNS / HELO informations: RFC5321.MailFrom <> RFC5322.From <postmaster@${customer}.emea.microsoftonline.com> DKIM-Signature d=${customer}.onmicrosoft.com client mail-db5eur01hn0241.outbound.protection.outlook.com[104.47.2.241] ehlo EUR01-DB5-obe.outbound.protection.outlook.com or client mail-ve1eur01hn0213.outbound.protection.outlook.com[104.47.1.213] ehlo EUR01-VE1-obe.outbound.protection.outlook.com > That said, I wouldn't bet on it. I know there's still an open bug to create > the DNS SPF records for our EHLO hostnames at Google, it was just never a > high priority. Plus, it wouldn't really help the DMARC case because our > DSN's come from @googlemail.com <http://googlemail.com> for some reason I was > never clear on but our EHLO hostnames are google.com <http://google.com>. looks like there is the same challenge as on your side :-) Andreas _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)