To answer the first - we certainly receive reports from some providers containing multiple SPF results within the same row. It makes things "difficult"; without scope, there's no correct way to interpret the row. But if you report one and only one of each scope (helo and mfrom), then the normal SPF authentication rules apply - mfrom rules over helo when present.
With DKIM, a row could conceivably be accurate while containing multiple DKIM results with different d= values if all of the messages were signed with the same multiple DKIM signing keys. -- Les Barstow On Wed, Mar 16, 2016 at 11:09 AM, Franck Martin <[email protected]> wrote: > > > > > ------------------------------ > > *From: *"Elizabeth Zwicky" <[email protected]> > *To: *"Franck Martin" <[email protected]> > *Cc: *"dmarc" <[email protected]>, [email protected] > *Sent: *Wednesday, March 16, 2016 7:27:04 AM > *Subject: *Re: [dmarc-ietf] SPFAuthResultType unbounded > > > Rows are defined by IP; if the same IP uses multiple MAILFROM and SPF is > bounded what is the reporter supposed to do? Duplicate rows? > > Limiting SPF changes the row key in bad ways. (Unless all senders are > well-behaved in ways they are not required to be.) > > Elizabeth > > Are you saying for the same (IP, RFC5322.From domain) tuple you have > several RFC5321.Helo and RFC5321.MailFrom domains? > > It seems to me, if for the same tuple you have different DKIM d= with > different results (pass,fail) you do create a row for each case. So same > for SPF.... > > The record key is certainly multidimensional and not by IP alone. > > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc > >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
