I should have said, yes there is an SPF record for thirdparty.org so that SPF passes based on the EHLO domain.
From: Franck Martin [mailto:[email protected]] Sent: 30 April 2015 17:35 To: John Mears Cc: Dave Crocker; [email protected] Subject: Re: [dmarc-ietf] DMARC,SPF, null senders, and indirect mail flow On Apr 30, 2015, at 6:58 AM, John Mears <[email protected]<mailto:[email protected]>> wrote: The rfc5321.MailFrom is empty: MAIL FROM:<> The ehlo field presented to the recipient from the third party relay contains the domain of the third party: EHLO thirdparty.org<http://thirdparty.org> For SPF to pass you can put a record on the domain (thirdparty.org<http://thirdparty.org>) of the HELO, but this will not align with senderorg.com<http://senderorg.com> see the definition of RFC7208.MAILFROM and https://tools.ietf.org/html/rfc7208#section-10.1.3 The from header contains the original sender's email address: From: John Doe <[email protected]<mailto:[email protected]>> What may work, is to get dedicated sending IPs at the third party relay and ask them to put in the HELO a domain aligned with senderorg.com<http://senderorg.com>, otherwise DKIM sign the bounces. Note that postfix/sendmail can DKIM sign the bounces it creates.
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
