On Wed, 30 May 2018 12:47:42 -0600
Grant Taylor wrote:

> On 05/30/2018 12:08 PM, RW wrote:
> > SPF passes on the rewritten envelope address, so it's not aligned
> > and it's just a matter of whether there's an aligned dkim pass.
>
> It depends on what the Forensic Report ("fo") option is set to in the
> published DMARC policy. Domain owners / record publishers can state
> that any failure, including SPF misalignment, will cause a report to
> be sent.

OK, but when you said "The failure seems to be a result of how DMARC
amalgamates the two with published policies" I thought you were claiming
some kind of anomalous behaviour.

It's surely obvious that rewriting the envelope sender to a completely
different domain will break SPF alignment in DMARC. There wouldn't be
any point to DMARC if it didn't.

> > The important thing is to not sign the list* headers in dkim.
>
> I did say that DKIM passed. Which means that the list-* headers
> didn't cause the failure.

That was informational, some people do make that mistake.
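
The case discussed in this thread, worked through as an added example (not part of the original message or of any DMARC implementation): a list rewrites the envelope sender, SPF passes unaligned, DKIM passes aligned, and the "fo" tag decides whether a failure report is still generated. The domains are constructed, and the organizational domain is approximated as the last two labels rather than looked up in the Public Suffix List.

```python
# Added example: DMARC alignment and "fo" reporting for a list-forwarded message.
# Assumption: organizational domain = last two labels (real code uses the PSL).

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode="r"):
    """mode 'r' = relaxed (same organizational domain), 's' = strict (exact)."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def evaluate(from_domain, spf_domain, spf_result, dkim_sigs,
             aspf="r", adkim="r", fo="0"):
    """dkim_sigs is a list of (d= domain, result) tuples."""
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, aspf)
    dkim_ok = any(res == "pass" and aligned(d, from_domain, adkim)
                  for d, res in dkim_sigs)
    opts = set(fo.split(":"))
    report = (
        # fo=0: report only when no mechanism gave an aligned pass
        ("0" in opts and not spf_ok and not dkim_ok) or
        # fo=1: report when any mechanism gave less than an aligned pass
        ("1" in opts and not (spf_ok and dkim_ok)) or
        # fo=d / fo=s: report on a failed evaluation, regardless of alignment
        ("d" in opts and any(res == "fail" for _, res in dkim_sigs)) or
        ("s" in opts and spf_result == "fail")
    )
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail",
            "failure_report": report}

# Constructed sample: the list rewrote the envelope sender to its own domain;
# the author's DKIM signature survived because list-* headers were not signed.
LIST_MSG = dict(from_domain="example.org", spf_domain="lists.example.net",
                spf_result="pass", dkim_sigs=[("example.org", "pass")])

if __name__ == "__main__":
    for fo in ("0", "1"):
        print("fo=" + fo, evaluate(fo=fo, **LIST_MSG))
```

With fo=0 the message passes DMARC and no report is due; with fo=1 it still passes DMARC, but the unaligned SPF result is enough to trigger a failure report.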