In mail.xetex, you wrote:
> Hi all,
>
> mere rewriting of the From header will not work. There are four beasts
> involved:

Yes it will. It's what I successfully use for my user(s) who want their mail forwarded to gmail, and if it works for that, it works for anything!

> The recipient sees that MAIL FROM says that the mail came from
> tug.org. It thus looks at DNS, finds the SPF record (in fact a special
> type of TXT) and verifies whether the IP address is in the list of
> allowed servers. This is configured correctly at tug.org hence SPF
> passes.

However, this is not an SPF pass for DMARC purposes, because DMARC only considers an SPF pass when the From: address "aligns with" the envelope sender (which usually means being the same domain).

> DMARC is a more flexible way superseding ADSP. It looks both at SPF
> and DKIM and then decides what to do. Remember that DKIM as well as
> DMARC are defined by the mail systems of the original senders hence
> tug.org cannot do anything. In addition, it is not known which headers
> are included in the signature.

But DMARC only looks at the policy of the From: address, so if you rewrite the From: address to a tug.org address, tug.org's DMARC policy will be applied. It doesn't matter that the message now fails the original DKIM signature (though for cleanliness it's better to remove the broken signature).

So re-writing the From: address should solve the problem. In addition, DKIM-signing the (modified) message with a tug.org key will increase the chance of the message not being diverted to spam folders.
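
The alignment rule discussed in this message, as an added example that is not part of the original e-mail: it evaluates DMARC identifier alignment for a list-relayed message before the From: rewrite, after it, and after re-signing. The addresses `alice@example.com`, `list@tug.org` and `list-bounces@tug.org` are constructed, the SPF and DKIM verdicts are supplied as inputs rather than checked, and the organizational domain is approximated by the last two labels instead of the Public Suffix List.

```python
from email import message_from_string
from email.utils import formataddr, parseaddr

def org_domain(domain):
    # Simplification (assumption): last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(a, b):
    # Relaxed alignment: both identifiers share an organizational domain.
    return org_domain(a) == org_domain(b)

def dmarc_eval(msg, mail_from, spf_result, dkim_results):
    """dkim_results: list of (d= domain, signature_verified) pairs."""
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    spf_ok = spf_result == "pass" and aligned(mail_from.rpartition("@")[2], from_domain)
    dkim_ok = any(ok and aligned(d, from_domain) for d, ok in dkim_results)
    return {"policy_domain": from_domain, "spf_aligned": spf_ok,
            "dkim_aligned": dkim_ok, "dmarc_pass": spf_ok or dkim_ok}

def rewrite_from(msg, list_addr):
    """Move From: into the list's domain and drop the now-broken signature."""
    name, addr = parseaddr(msg["From"])
    del msg["From"]
    msg["From"] = formataddr((f"{name or addr} via list", list_addr))
    del msg["DKIM-Signature"]
    return msg

# Constructed sample: a post from example.com as relayed by the list.
RAW = """\
From: Alice Author <alice@example.com>
To: list@tug.org
Subject: test
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel; b=CONSTRUCTED

body (the list added a footer, so the author's signature no longer verifies)
"""
ENVELOPE = "list-bounces@tug.org"  # constructed MAIL FROM; SPF passes for tug.org

def scenarios():
    msg = message_from_string(RAW)
    before = dmarc_eval(msg, ENVELOPE, "pass", [("example.com", False)])
    rewrite_from(msg, "list@tug.org")
    after = dmarc_eval(msg, ENVELOPE, "pass", [])
    resigned = dmarc_eval(msg, ENVELOPE, "pass", [("tug.org", True)])
    return before, after, resigned

if __name__ == "__main__":
    for label, r in zip(("as relayed", "From rewritten", "rewritten + re-signed"), scenarios()):
        print(f"{label:22} {r}")
```
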