On Tue 02/Feb/2021 00:11:54 +0100 John Levine wrote:
In article <[email protected]> you write:
On Mon 01/Feb/2021 01:10:01 +0100 Scott Kitterman wrote:
SPF is what it is (RFC 7208). DMARC doesn't need to re-invent the protocol
(and shouldn't). For any properly implemented SPF verifier, DMARC should be
able to consume the Mail From result.
Perhaps Courier-MTA is not so properly implemented, but when mail from is empty
it just omits the corresponding Received-SPF: header field.
That's a peculiarity of Courier.
Yes. Configured as at mine, it writes three Received-SPF: fields, for helo,
mfrom, and, as a non-standard extension, for From:. As I said, the one for
mfrom is only written in case mfrom is not-empty.
My MTA adds an SPF clause in the A-R header whether or not there's a null
bounce address.
How can it report, say, fail for helo and pass for mfrom in just one clause?
OTOH, properly implemented SPF verifiers could skip producing a Mail From
result if the helo identity was verified successfully.
No, they could not. That's not what the SPF spec says.
If a conclusive determination about the
message can be made based on a check of "HELO", then the use of DNS
resources to process the typically more complex "MAIL FROM" *can* be
avoided.
https://tools.ietf.org/html/rfc7208#section-2.3
(my emphasis)
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
