On Monday, April 04, 2016 11:09:12 PM A. Schulze wrote: > really? > > I know DMARC as > "example.com may dkim sign with example.com. relax alignment will > match even for RFC5322.From sub.example.com" > > but you claim > "sub.example.com may dkim sign with sub.example.com a message with > RFC5322.From example.com and that will be relax aligned" > -> I don't agree. > > see https://tools.ietf.org/html/rfc7489#appendix-B.1.2 > > > As "RW" pointed out: The message has a dkim signature mx.aol.com but > RFC5322.From is the /parent/ domain > That does not align and dmarc will not pass. It's AOL's fault. > > Andreas
I really believe that's incorrect. Relaxed alignment specifically means you can sign with a subdomain's key or use a subdomain for SPF. Read sections 3.1.2 and 10.4 of that same document, for instance.