From: Merijn van den Kroonenberg <mer...@web2all.nl> >> On 05.05.17 11:37, Merijn van den Kroonenberg wrote: >>>I want to test in SA if the Envelope From domain is DKIM_VALID. >> >> the envelope from can't be DKIM-VALID. DKIM validated message content, >> including some of its headers, not envelope from address.
>I know. I do not want to validate the envelope from with DKIM. I just want >to know if the mail was DKIM-VALID signed by the DOMAIN used in the >envelopefrom. >So the only thing I want with the envelop from is to extract the domain >and test if the mail was DKIM signed (and valid) by that domain. >This tells me the envelope from is not some random spoofed address, but >actually controlled by someone who handled the e-mail before it arrived at >our mta. This actually would be a very useful rule/logic to add to SA: https://blog.returnpath.com/why-passing-and-aligning-both-spf-and-dkim-is-key-to-email-deliverability/ When both align, it should be a very good candidate for whitelist_auth based on the sender domain reputation. Dave
