On Thu, Jul 15, 2021 at 08:07:52PM -0400, Bill Cole <postfixlists-070...@billmail.scconsult.com> wrote:
> On 2021-07-15 at 19:44:41 UTC-0400 (Fri, 16 Jul 2021 09:44:41 +1000) > raf <post...@raf.org> > is rumored to have said: > > > SPF by itself would have checked the envelope address > > (owner-postfix-us...@postfix.org), but DMARC's > > reinterpretation of SPF is not the same as actual SPF. > > It checks the From: address (@raf.org) instead of the > > envelope address (@postfix.org). > > Not exactly. > > SPF always checks the envelope sender. DMARC only considers SPF if the > envelope sender domain aligns with the From header address domain. Thanks. I had misunderstood that. It's strange then that I'm receiving DMARC+SPF failure reports. If DMARC isn't considering SPF, then DMARC+SPF shouldn't be passing or failing. The failure reports caused me to conclude that DMARC checks SPF when the From: address domain has an SPF record, not just when it aligns with the envelope domain. I guess the absence of a check counts as a failure. > > That's why the DMARC+SPF check failed (even though a > > plain SPF check (which didn't happen) would have > > passed). > > No, postfix.org has no TXT record, so mail from a postfix.org address can > neither pass nor fail a SPF test. Yes, I just realised that and was about to correct it. Thanks for both corrections. > -- > Bill Cole > b...@scconsult.com or billc...@apache.org > (AKA @grumpybozo and many *@billmail.scconsult.com addresses) > Not Currently Available For Hire cheers, raf
