On Wed, 2020-06-03 at 14:15 +0200, Benoit Panizzon via mailop wrote:
> > and I guess the domain in the HELO too?
>
> the HELO contains the FQDN of the sending machine which is
> not the same as the domain of the envelope sender or From: Header.
>
> The HELO needing to match anything for DMARC or SPF would be quite new
> to me.
The FQDN used in the HELO being part of SPF tests is nothing new at
all.
If you are using sub-domains of the 5322.From domain in the 5321.From
or SMTP HELO then those sub-domains need to have their own individual
SPF records too. For example, if they are single servers then "v=spf1
+a -all" is a simple option.
So in the absence of DKIM, even when using an enforcing DMARC policy
with relaxed SPF alignment ("aspf=r"), a message will fail the DMARC
test if sub-domains of the 5322.From are used in the 5321.From and/or
SMTP HELO and they do not have any (compliant) SPF records.
If you could share the specific FQDN values you are using it would
greatly help in helping you.
Ken.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
