Hey Autumn, My guess: more than one Return-Path: header isn't "illegal" (as "SMTP servers making final delivery MAY remove Return-path headers before adding their own.", from 2821), but in the meantime, SPF should be checked on the unique MAIL FROM: command value, not on the value of the header. I'm not clear if additional Return-Path headers are prepended (like Received: ones) or appended.
You could tell with the Received: headers, but maybe the sender sends the email to the ESPs' MTA, which adds the first Return-Path:, then submits the email to the final recipients, which for some reasons doesn't delete the existing Return-Path:, and just adds another one. The one related to the ESP. So it would kind of make sense, even though it's not what's initially expected? (I don't recall I already saw something like that) Cheers, -- Benjamin From: mailop <[email protected]> On Behalf Of Autumn Tyr-Salvia Sent: jeudi 11 avril 2019 21:01 To: Mailop <[email protected]> Subject: [mailop] 2 Return-Path headers? Hello, I'm looking at headers for a particular message, and noticed two different Return-Path headers. The message is being sent by an ESP. One Return-Path uses a VERP address with the ESP's domain, and the other uses the same address as the friendly From:. I haven't seen this in other headers before - is this common? Why would there be 2? I spent some quality time with RFC 2822 and couldn't determine if it's spec-legal to have two Return-Path headers or not. More to the point, it's using the one with the ESP domain for checking SPF, which is not what the desired behavior. I can reach out directly to the ESP in question to get more info, but wanted to ask this group first if there's some other resource I should consult for a firm understanding of using multiple Return-Path headers before I have that conversation. Thanks, Autumn Tyr-Salvia tyrsalvia@gmail atyrsalvia@agari
_______________________________________________ mailop mailing list [email protected] https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
