Hello Michael, Consider this scenario:
Friendly From: @yourbank.com SMTP MAIL FROM: @spammer.ru DKIM d=spammer.ru SPF gets checked at the SMTP MAIL FROM domain, and DKIM gets checked at the d= domain. Either or both of these could pass authentication, but that would not mean the message is legitimately from yourbank.com. DMARC was intended to tie together the backend server information with the friendly From: address to prevent abusive spoofing like this, which is very common. Thanks, Autumn Tyr-Salvia [email protected] Agari Principal Customer Success Engineer ________________________________ From: dmarc <[email protected]> on behalf of Michael Davis <[email protected]> Sent: Monday, March 18, 2019 12:48 PM To: [email protected] Subject: [dmarc-ietf] p=reject If a sender's IP is in SPF, so SPF passes; and the applied DKIM signature is successfully decrypted, so DKIM passes; what good is checking alignment and rejecting a message? I have had Adobe and Cloudflare automated system emails rejected based on those senders' DMARC policy, after SPF and DKIM pass.. These emails were regarding password resets and come from servers that do not equal the spoofed address domain. It would seem that if the sender is approved according to SPF and verified according to DKIM that alignment being a reason for rejection post authenticas is an exercise of absurdity. Please help me understand otherwise.
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
