> On 6 May 2017, at 14:49, Thore Boedecker <m...@foxxx0.de> wrote: > > Hello folks, > > over the last couple of months I have received some nasty spam, > delivered by the Yahoo mail servers. > > After looking at the headers it became clear what the issue was: > > It seems that Yahoo (at least yahoo.co.jp) is allowing emails from > @gmail.com senders to be sent through their servers. > The funny thing is, that there is a @gmail.com address in both the > 'From:' and 'Return-Path:' headers, but a @yahoo.com address in the > 'Reply-To:' and 'Sender:' headers. > Somehow Yahoo sees no problem in that and is happy to DKIM sign those > emails with a correct *Yahoo* signature.
This is correct - Sender is a perfectly acceptable address header for DKIM and is consistent with the semantics of the user taking responsibility for the sending of the message.