On Thu, Nov 18, 2021 at 3:51 PM Douglas Foster < [email protected]> wrote:
> Don't the alignment rules allow any DKIM signature for the organization to > validate any FROM address for the organization -- up, down, or sideways? > > To use the sideways example, this means that an RFC 5322.From address of " > [email protected]" can be validated for DMARC: > - by SPF PASS on an RFC5321.MailFrom address of " > [email protected]", or > - by a verified DKIM signature issued by d=Humanities.Example.Edu using a > public key published in the Humanities sub-tree. > > That, at least, is my understanding. > > Doug > Your understanding is incorrect. Please review what the adkim and aspf tags do. In the strict mode the domain must be an exact match. In the relaxed mode it must either be an exact match or match the parent domain. In no case will "sister" subdomains produce a pass. Michael Hammer
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
