On Wed, Mar 29, 2017 at 12:24 PM, Alan Hodgson <ahodgson@lists.simkin.ca> wrote:
On Wednesday 29 March 2017 11:12:33 William Herrin wrote:
Both SPF and DKIM are meant to be checked against the domain in the envelope sender (SMTP protocol-level return address) which the NANOG list sets to nanog-bounces@nanog.org. Checking against the message header "from" address is an incorrect implementation which will break essentially all mailing lists.
This is incomplete.
TL;DR: SPF checks the envelope sender. DKIM doesn't check anything except to test that parts of the message haven't been altered. DMARC adds policy to both to check them against the header From:. Mailing list software may not work with DMARC-reject senders (but Nanog does).
Hi Alan, I accept your explanation as the correct one. Regards, Bill Herrin -- William Herrin ................ herrin@dirtside.com bill@herrin.us Dirtside Systems ......... Web: <http://www.dirtside.com/>