On 21/02/2021 17:37, RW wrote:
On Sun, 21 Feb 2021 17:00:32 +0000
Dominic Raferd wrote:
On 21/02/2021 16:20, Benny Pedersen wrote:
On 2021-02-21 17:00, RW wrote:
On Sun, 21 Feb 2021 14:04:20 +0000
Dominic Raferd wrote:
On 21/02/2021 13:56, RW wrote:
From: "Karen Howard" <ka...@interfacefm.com>
Reply-To: "Karen Howard" <ka...@intrefacefm.com>
Yes this mail passed DMARC
How did it pass DMARC when it has the domain being spoofed in the
from header?
both domains can have dmarc, but only from header is dmarc tested
and dkim can sign reply-to
and interfacefm.com (like most domains) does not publish a DMARC
policy, so it must pass
But it does:
$ dig +short txt _dmarc.interfacefm.com
"v=DMARC1; p=none; rua=mailto:postmas...@interfacefm.com";
Presumably interfacefm.com has been hacked, but not to the extent that
they can intercept incoming replies.
I stand corrected; but as they specify p=none, the mail must still pass.
