Don't quite get it, Scott. There is no DMARC record so the
transaction would be "DMARC indeterminate" -- no DKIM signing policy.
If it did have a DMARC record, in order for this transaction to DMARC
pass, it would require relaxed alignments for SPF and DKIM:
adkim=r
aspf=r
Correct?
subdomains has more inherent "trust" than having completely different
main domains. The problem of course, DMARC excludes this legitimate
3rd party signer possibility in its protocol.
--
HLS
On 3/30/2015 2:35 PM, Scott Kitterman wrote:
I just ran across this one today in a third party non-spam email:
Return-Path: <[email protected]>
...
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;
d=email.mindbodyonline.com;
h=from:to:reply-to:subject:mime-version:content-type; s=smtpapi;
...
Received: from o2.email.mindbodyonline.com (o2.email.mindbodyonline.com
[74.63.194.59])
...
From: "$CUSTOMER_FRIENDLY_NAME" <[email protected]>
To: $DELIVERY_ADDRESS
Reply-To: "$CUSTOMER_FRIENDLY_NAME" <$CUSTOMER_ADDRESS>
I know we've discussed this kind of thing before, but it's the first time I've
noticed it in the wild (not that I've been looking really hard). They don't
have a DMARC record published, so this may be in response to some other
driver, but it works for DMARC:
SPF passes and aligns
DKIM passes and aligns.
Since they are using their own 5322.From, there's no issue with third party
DMARC records.
Scott K
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
