The ISP rewrites the MAIL FROM to deflect bounces. This passes SPF (IP
matches MAIL FROM), and also passes DMARC's aligned SPF (RFC822 From has
the original sender domain, which includes the ISP's IP range).
Please tell me what I'm missing.
A DMARC SPF pass requires that the MAIL FROM domain be the same as the
From: header domain, or in less strict mode a subdomain.
The subdomain is probably doable, after considerable coordination
between the sender and its ESP. The sender publishes MX records for the
subdomain that point at the ESP's bounce handler.
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
