On 2 Feb 2021, at 11:13, John R Levine wrote:
An SPF library implements the check_host() function. It's up to the
client to call it multiple times. Is that client DMARC-aware? As
you may have guessed, my question is intended to understand how does
a DMARC implementation actually ascertain whether an "spf=pass
helo=smtp.example.com" is enough to validate "From:
[email protected]".
I use the opendmarc library and libspf2. For the SPF check, I give it
the IP address, the HELO, and the MAIL FROM, and it gives me a result.
I then pass that result to the DMARC library along with the DKIM
results. Looking at the code, I see I tell it whether SPF checked HELO
or MAIL FROM by simply checking whether MAIL FROM was null, but I
don't know what the DMARC libary does with that. Maybe Murray
remembers.
There is some commented out code to not pass a HELO result to DMARC,
don't remember why I turned it off.
I’m lost in a double negative here: did you turn off passing a HELO
result to DMARC, or did you turn off not passing a HELO result?
Again, I believe this is typical of what DMARC validators do. It's
existing practice and I see no reason to change it. Can we stop now?
If you found that you needed to turn off something that’s part of the
DMARC spec, it would be good to understand why.
-Jim
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
