On Monday, May 9th, 2022 at 20:35, Alex <mysqlstud...@gmail.com> wrote:
> I'm trying to understand why this email from a bank fails DMARC when mxlookup > says the DMARC record is just fine. > https://pastebin.com/0T4Gjn3v > > * 1.8 DMARC_REJECT DMARC reject policy > * 6.0 KAM_DMARC_REJECT DKIM has Failed or SPF has failed on the message > * and the domain has a DMARC reject policy > > It also passes SPF and DKIM As far as I understand, for DMARC to be valid, the enveloppe sender address and the header From needs to have the same domain. There are possibilities to allow or restrict subdomains. So if the domains are different (amazonses.com != firstdata.com), DMARC can't be valid. Regardless of what's written in the DMARC record, or if SPF and/or SPF are valid. Best, Laurent
signature.asc
Description: OpenPGP digital signature
