Here is an example of the real problem: Example.com is hosted on Outlook.com
The user's mailbox is full, so I get a bounce message with these characteristics: From: [email protected] MailFrom: <null> Helo: servername.protection.outlook.com How does it help my evaluation to do an SPF test on the HELO name? Even in the simpler case where the server and the recipient are in the same domain, an SPF test on the server name is most often going to return NONE, because SPF will be published on the domain but probably not on every host name. The RFC 7208 fallback is not useful for DMARC. Doug On Mon, Jun 3, 2024 at 1:08 AM Richard Clayton <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > In message <[email protected] > il.com>, Douglas Foster <[email protected]> writes > > >Richard, you miss my point. I know what RFC 7208 says to do with null > >sender, but we rightly ignore it for DMARC purposes. > > I think you should go back to RFC7208, specifically #2.4 where it > specifically says that when the RFC5321 MAIL FROM string is null (as in > bounce messages) then the "MAIL FROM" identity is defined to be > postmaster@ the domain in the RFC55321 EHLO/HELO command > > The current DMARCbis document is clear that the HELO identity is to be > ignored... it might be useful to paraphrase #2.4 but I can see the > argument for avoiding confusion if the paraphrase was subtly different > > >SPF Helo is one of at least 5 ways to validate the HELO name. > > This is not a question of validation, DMARC is all about alignment > > You will need to say EHLO with a domain name that aligns with the From: > if you cannot manage that then DKIM is your only way to get your bounce > message to have a DMARC pass > > - -- > richard Richard Clayton > > Those who would give up essential Liberty, to purchase a Benjamin > little temporary Safety, deserve neither Liberty nor Safety. Franklin > > -----BEGIN PGP SIGNATURE----- > Version: PGPsdk version 1.7.1 > > iQA/AwUBZl1PWd2nQQHFxEViEQIRNgCfTNdEdmxZOyA3e3kvaYTZBmFCDAgAniso > XF+0hJOncqW29BNONctiULYI > =gFl4 > -----END PGP SIGNATURE----- >
_______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
