Re: SPF and domain keys

2016-08-30 Thread Reindl Harald
Am 29.08.2016 um 15:49 schrieb project722: What about DKIM only? Can it be used instead of, or, as a "replacement" for SPF? For example mails are signed with DKIM from the SMTP servers, and the receiving servers are checking both SPF and DKIM. If the receiving server detected a missing SPF

Re: SPF and domain keys

2016-08-29 Thread Jim Fenton
If alphazulu.com is sending email as foxtrot.com it would be best to sign the message as foxtrot.com as well so that the signature is "aligned" from a DMARC standpoint (matches the From domain). The keys are always in the domain specified by the d= value in the signature. The best approach is for

Re: SPF and domain keys

2016-08-29 Thread Mike Ragusa
Yes of course as that would be the original sender of the email and their information would also be in your SPF policy. You can change the Sender and Reply-to headers to be from your domain and mask it a bit better but the received by headers would show the alphazulu.com mail server. On Mon, Aug

Re: SPF and domain keys

2016-08-29 Thread Mike Ragusa
Glad to help! If you need a low cost DMARC reporting service, I would recommend www.dmarcian.com On Mon, Aug 29, 2016 at 10:33 AM project722 wrote: > Thanks guys - very helpful information indeed. > > On Mon, Aug 29, 2016 at 9:08 AM, Mike Ragusa wrote:

Re: SPF and domain keys

2016-08-29 Thread project722
Awesome, Actually one more question. If we allow folks from another domain to send as us is there a chance anywhere in any of the email "from" headers it would reveal the "true" domian? eg.. folks at alphazulu send as @foxtrot.com. Would @alphazulu.com appear anywhere in the headers? On Mon,

Re: SPF and domain keys

2016-08-29 Thread project722
Thanks guys - very helpful information indeed. On Mon, Aug 29, 2016 at 9:08 AM, Mike Ragusa wrote: > Ideally it is best to use both technologies and then put DMARC on top to > ensure reporting and enforcement of the policies. DKIM cryptographically > signs your messages and

Re: SPF and domain keys

2016-08-29 Thread Mike Ragusa
Ideally it is best to use both technologies and then put DMARC on top to ensure reporting and enforcement of the policies. DKIM cryptographically signs your messages and SPF informs receiving mail servers of who is allowed to send on your behalf. You should not think of using only one or the

Re: SPF and domain keys

2016-08-29 Thread project722
What about DKIM only? Can it be used instead of, or, as a "replacement" for SPF? For example mails are signed with DKIM from the SMTP servers, and the receiving servers are checking both SPF and DKIM. If the receiving server detected a missing SPF would it allow mail through if DKIM is present and

Re: SPF and domain keys

2016-08-29 Thread Dave Warren
The easiest answer is: Whatever you want. Strictly speaking, alphazulu.com can send mail on behalf of foxtrot.com using a alphazulu.com DKIM selector, and that's perfectly valid under DKIM. However, it won't have DMARC alignment, which is becoming more and more important, so if alignment is

SPF and domain keys

2016-08-28 Thread project722
Lets say my domain is foxtrot.com and we have SPF records for the SMTP servers on foxtrot.com. Now lets say I have decided I want to allow alphazulu.com to send mail as foxtrot.I know how to add alphazulu.com to the SPF but If I wanted to also use DomainKeys or DKIM to authenticate alphazulu.com