On Aug 15, Ansgar <ans...@43-1.org> wrote: > To not look like forged mail, the "From" header field (not the > envelope) has to be validated with either DKIM or SPF. disroot.org > says this is supposed to be the case for mail from their domain: Not exactly. DMARC validation requires that at least one of DKIM or SPF is aligned.
DKIM validates the 822.From header, while SPF validates the 821.From envelope sender. Forwarding emails does not break DKIM signatures, as long as the signed headers are not modified (and they are not supposed to be, so usually it is fine). Forwarding emails does break SPF, and this is what SRS fixes (by changing the sender domain, so this does not help with DMARC). Mailing lists always break SPF and they may or may not break DKIM depending if they change e.g. the message body or the Subject header. The BTS does both, so after years it is still incompatible with DMARC validation (OTOH, domains which are not phishing targets should not enable DMARC. But we cannot fix other people's systems...). -- ciao, Marco
signature.asc
Description: PGP signature
