Peter via Postfix-users skrev den 2024-06-21 08:45:
SPF/DKIM/DMARC Checklist for (IMO) the best chance of getting your
mail to be accepted:
1. HELO banner should pass SPF.
2. Envelope Sender should pass SPF.
3. Envelope Sender domain should align with the From: header domain.
4. Message should be DKIM signed.
5. Domain for the DKIM signature should align with the From: header
domain.
Not all of the able are necessary (e.g. you can get away with SPF
alignment only or DKIM alignment only) but the more of those boxes
that you can successfully tick off the better chance you have for
you message to be accepted when things go wrong, or when a
destination doesn't implement one of the above checks properly.
On 21.06.24 09:02, Benny Pedersen via Postfix-users wrote:
3 would not be posssible when recipient forwards to another mta,
Correct. The 3. does not apply. That should instead be
"only use SPF for DMARC if envelope from: is the same as header From:"
basicly why maillist all breaks dkim,
Only if they change signed headers or body of the e-mail. Otherwise the
DKIM still validates, and thus does DMARC.
This applies for forwarding through mailing lists, automatic forwarding in
mailboxes and manual forwarding by mutt's "b"ounce or mozilla "mail
redirect" extension.
some says spf breaks mailforwards, nothing could be more fails, since
nexthop gives new envelope sender, with will not align with header from:
Correct, note that this requires implementing SRS on forwarding machine.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
