On September 10, 2024 10:20:59 AM UTC, Alessandro Vesely <[email protected]> wrote: >On Mon 09/Sep/2024 17:47:46 +0200 Todd Herr wrote: >> As an example of this, a bank might send only targeted messages to >> account holders. Those account holders might have given their bank >> addresses such as [email protected] (an address that relays >> the messages to another address with a real mailbox) or >> [email protected] (a role-based address that does similar >> relaying for the current head of finance at the association). When >> such mail is delivered to the actual recipient mailbox, it will >> necessarily fail SPF checks, as the incoming IP address will be that >> of example.edu or association.example, and not an address authorized >> for the sending domain. DKIM signatures will generally remain valid >> in these relay situations. > > >Hmm... there are relays that don't change the bounce address. For such >cases, the explanation of why SPF checks fail would be different... I'd >suggest removing the explanation (that is ", as the incoming ... the sending >domain"). It should be well known by now that SPF breaks forwarding. > I don't think it's safe to assume people know this. I do think the point is worth addressing. Perhaps adding (if the Mail From address is not rewritten by the relay) after necessarily fail SPF checks would address the point.
Scott K _______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
