On 05/30/2018 12:08 PM, RW wrote:
> SPF passes on the rewritten envelope address, so it's not aligned and it's just a matter of whether there's an aligned dkim pass.
It depends on what the Forensic Report ("fo") option is set to in the published DMARC policy. Domain owners / record publishers can state that any failure, including SPF misalignment, will cause a report to be sent.
IMHO simply relying on DKIM to validate is insufficient. Further, it's not unheard of for something else (completely benign) to break DKIM (like 8-bit to 7-bit MIME transcoding).
> It passes dmarc at gmail,
I've learned not to use Gmail as a measuring stick for what's good. Rather, I use Gmail for the low end, as if it fails Gmail then it's really broken. Gmail has a number of things that are NOT up to a high bar.
> so presumably the problem is with the service that sent the notices.
How is it a misconfiguration / misbehavior of the receiving DMARC filter for reporting a misalignment that it detected between the envelope from and the From header?
That sounds like "working as (intended|desired|configured)" to me.
> The important thing is to not sign the list* headers in dkim.
I did say that DKIM passed. Which means that the list-* headers didn't cause the failure.
-- Grant. . . . unix || die
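The alignment and reporting behaviour discussed in this thread, as an added example that is not part of the original message: it evaluates SPF and DKIM alignment against the From header and applies the "fo" tag as defined in RFC 7489. The domain names are constructed, and the organizational domain is assumed to be the last two labels (a real evaluator uses the Public Suffix List).

```python
# Added example: DMARC identifier alignment and "fo" failure-report logic (RFC 7489).
# Assumption: organizational domain = last two labels; real code uses the Public Suffix List.

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode="r"):
    """mode 'r' = relaxed (same organizational domain), 's' = strict (exact match)."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def evaluate(header_from, spf, dkim_sigs, aspf="r", adkim="r", fo="0"):
    """spf: (envelope domain, result); dkim_sigs: list of (d= domain, result)."""
    spf_domain, spf_result = spf
    spf_ok = spf_result == "pass" and aligned(spf_domain, header_from, aspf)
    dkim_ok = any(r == "pass" and aligned(d, header_from, adkim)
                  for d, r in dkim_sigs)
    report = False
    for opt in fo.split(":"):
        if opt == "0":    # every mechanism failed to produce an aligned pass
            report |= not spf_ok and not dkim_ok
        elif opt == "1":  # any mechanism failed to produce an aligned pass
            report |= not spf_ok or not dkim_ok
        elif opt == "d":  # a DKIM signature failed evaluation, aligned or not
            report |= any(r != "pass" for _, r in dkim_sigs)
        elif opt == "s":  # SPF failed evaluation, aligned or not
            report |= spf_result != "pass"
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail",
            "failure_report": report}

if __name__ == "__main__":
    # Constructed list message: envelope rewritten by the list, author's DKIM intact.
    spf = ("lists.listhost.example", "pass")
    dkim = [("author.example", "pass")]
    for fo in ("0", "1"):
        print(fo, evaluate("author.example", spf, dkim, fo=fo))
    # Same message after a benign transformation broke the DKIM signature.
    print(evaluate("author.example", spf, [("author.example", "fail")]))
```

With `fo=1` the message passes DMARC on the aligned DKIM signature yet still triggers a failure report for the SPF misalignment; once the signature breaks, nothing aligned remains and DMARC fails.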