On 17/10/21 11:48 pm, Wes Peng wrote:
I am a little confused about this scene, the email sent from my domain
is signed by Yahoo, thus it has a valid DKIM. But my domain itself has
no DKIM setup, the message was signed by Yahoo not by my domain. Will
this DKIM setting make DMARC broken?
I saw the headers from gmail as below. I am just not sure about this.
Please advise, thanks.
SPF: PASS with IP 106.10.242.xx Learn more
<https://support.google.com/a?p=show_original&hl=en>
DKIM: 'PASS' with domain yahoo.com <http://yahoo.com> Learn more
<https://support.google.com/a?p=show_original&hl=en>
DMARC simply ignores any DKIM sigs that are not signed by the domain in
the From: header, so having the yahoo DKIM signature won't break DMARC,
but it won't help either.
DMARC: 'PASS'
DMARC requires either DKIM or SPF to pass on the domain in the From:
header, so in this case it likely passed based on SPF.
Do note that when a message is sent through an email list such as this
there will be no passing SPF signature on the From: domain because of
the forwarding aspect of the mailing list, so if you don't have a valid
DKIM signature on that domain then the message will (and in this case
does) fail DMARC.
Peter
