On Mon 14/Dec/2020 20:17:37 +0100 John Levine wrote:
In article
<mn2pr11mb435146f06ec3d2aaac6f8f38f7...@mn2pr11mb4351.namprd11.prod.outlook.com>
you write:
I'm seeing a report where the XML contains two SPF records within a single
auth_results entity. This doesn't seem correct.
It's specifically allowed in the XML schema.
Yup:
<xs:element name="spf" type="SPFAuthResultType" minOccurs="1"
maxOccurs="unbounded"/>
In this case I'd guess it is checking the From header domain, the org
domain, and the bounce address. I see that bounce.email.peacocktv.com is a
CNAME for sparkpostmail.com so it's plausible.
One has to guess because the snippet misses the scope of the checked domains:
<!-- The scope of the checked domain. -->
<xs:element name="scope" type="SPFDomainScope" minOccurs="1"/>
In that sense, it is not correct. It should have been:
<auth_results>
<dkim>
<domain>email.peacocktv.com</domain>
<result>pass</result>
</dkim>
<spf>
<domain>bounce.email.peacocktv.com</domain>
<scope>mfrom</scope>
<result>pass</result>
</spf>
<spf>
<domain>mta-218-134.sparkpostmail.com.</domain>
<scope>helo</scope>
<result>none</result>
</spf>
</auth_results>
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
