top | item 45266304

(no title)

neuronflux | 5 months ago

SPF alignment ensures the MAIL FROM domain matches the From header. DKIM alignment ensures the From header matches the domain in the DKIM signature header. In the DMARC policy, you can set both adkim=s and aspf=s.

Google owns and manages all of this, so they can send emails with a google.com MAIL FROM, a google.com header, and signed with a google.com DKIM key. And they could do likewise with gmail.com emails.

I'm not clear on why this isn't practical, perhaps there is something I'm missing though? I would appreciate your viewpoint.

Edit: I see you added a point about forwarding.

discuss

Avamander|5 months ago

DMARC specifies that SPF alignment is checked for the domain in the MIME From. The domains in SMTP and MIME From do not have to be the same (nor both align).

Your MTA can still check alignment for both HELO and SMTP From as specified by SPF's RFC(s) though and spam filters often do for extra information/signal.

DMARC's adkim/aspf aren't basically supported in practice. Nor they should be. For reasons already mentioned, as you already read.