On Mon 09/Sep/2024 17:47:46 +0200 Todd Herr wrote:
As an example of this, a bank might send only targeted messages to account holders. Those account holders might have given their bank addresses such as [email protected] (an address that relays the messages to another address with a real mailbox) or [email protected] (a role-based address that does similar relaying for the current head of finance at the association). When such mail is delivered to the actual recipient mailbox, it will necessarily fail SPF checks, as the incoming IP address will be that of example.edu or association.example, and not an address authorized for the sending domain. DKIM signatures will generally remain valid in these relay situations.
Hmm... there are relays that don't change the bounce address. For such cases, the explanation of why SPF checks fail would be different... I'd suggest removing the explanation (that is ", as the incoming ... the sending domain"). It should be well known by now that SPF breaks forwarding.
Best Ale -- _______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
