Re: [dmarc-ietf] Ticket #1 - SPF alignment

Todd Herr <> Tue, 19 January 2021 21:26 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 101D53A178E for <>; Tue, 19 Jan 2021 13:26:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9LUrtLMaDhJ3 for <>; Tue, 19 Jan 2021 13:26:27 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D648B3A179C for <>; Tue, 19 Jan 2021 13:26:26 -0800 (PST)
Received: by with SMTP id e17so5737636qto.3 for <>; Tue, 19 Jan 2021 13:26:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=ZA4NTDO0yW2R+WHyxhYORlXirBEKZ9rUzO34a+dKacE=; b=QtfjhNkYbpWQb3aGfyLRqFVtNLu4T+6Ssw6bnh6pjeh4H8p3NptbEz6dqILLY4GVMv w1FF+E4S3wOObyJ4YKkYGIz6lhoJCvhYrBNd0sQW2CrnqJPIUqx52/INvCln4HJxbAU1 nvbh5QT+Ds3gWkRIsvRy1PtiIerr7NZuY4PGpWeRdp/xvt8AACoeGEPfBQtylBCMnUSS Pn8uJTNZx12NifzUED4vpTbawR6LNYj0rE8MDnldOVjG5xSbLdOPxRnJaHdqlDU3FisG zR5ZNnZKUAki9k2vfgR24sZ5H/gTRnY1r5KSegHcbqiWQfc5gQQGx9fC47bafHm3s8iy K5yg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=ZA4NTDO0yW2R+WHyxhYORlXirBEKZ9rUzO34a+dKacE=; b=PVEA7dWOvCQhcUmgMmKTfE2GrpSvTQdni7IGLB4QU2SAhIM5l8WZbu3//Z5kkOcDTK byYt18bMSPnTxhbQKq2iMRxyR5ZqKzTYK2Gsy19210AENbsgKvbeuxGhdIjZyCtFvxmq tON/7lo4XAqp/pZZuAXneoVH8c0/pvY2kDKcBBKblYdwvxhUI7UaMTq3F7WEIIC8bkWD qBdymPRDpoJCO58nOHJAp8SVcHMpVAR7eYGR39s+bQ//WGjHtERu1Pdjj4IQFoRP+PHY 4wY0Rm+xJSOBATtWOw/0xu4WvDGGUGB5EkBWS5VX0vm1TwnDIgHXMrbnI+putgYWkbPl z5vQ==
X-Gm-Message-State: AOAM5316VgZNCOn7/bzQyVVNIKrWK6+DUEK11ifSdNjMGDnS+bn1uysf /5q2lVFxTquOzEf9IRWYivO7bAIb2jNEvenfyHiSznwmGhMvPA==
X-Google-Smtp-Source: ABdhPJx2Kq8rRk1D/MDlNDeghkIcWQDGf8Qgiby1xD5SlQk6oEBxs6cS8fWDsahuQDVGEDDhW87rNdIBX6uNkw+grhM=
X-Received: by 2002:a05:622a:20c:: with SMTP id b12mr6212310qtx.208.1611091585612; Tue, 19 Jan 2021 13:26:25 -0800 (PST)
MIME-Version: 1.0
References: <> <> <>
In-Reply-To: <>
From: Todd Herr <>
Date: Tue, 19 Jan 2021 16:26:09 -0500
Message-ID: <>
Content-Type: multipart/alternative; boundary="000000000000a9569605b9477d3e"
Archived-At: <>
Subject: Re: [dmarc-ietf] Ticket #1 - SPF alignment
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 19 Jan 2021 21:26:29 -0000

Picking up the thread on another ticket that was brought before the group
pre-holidays and has lain fallow since the end of 2020...

John Levine asserted that there wasn't a lot of strong opinion on the
matter, and therefore we'd be leaving the spec as is, with the MAIL FROM
SPF check the only one that matters for DMARC.

Ale replied, but I don't interpret his reply as challenging John's

Can this ticket be closed?

On Thu, Dec 31, 2020 at 9:47 AM Alessandro Vesely <> wrote:

> On Wed 30/Dec/2020 22:06:01 +0100 John R Levine wrote:
> >> We would like to close this ticket by Dec 15, two weeks from now, so
> short
> >> trenchant comments are welcome.
> >>
> >> Ticket #1 is about SPF alignment.  We need to replace references to
> 4408 with
> >> 7408, ando clarify what if anything we do with SPF HELO checks if
> >> the MAIL FROM is null.  One possibility is to say only MAIL FROM SPF
> counts,
> >> if you want to align your bounces, sign them.  The other is to
> explicitly say
> >> that HELO alignment is OK on bounces.
> >
> > I didn't hear a lot of strong opinions, but I think they leaned in the
> > direction of only checking the MAIL FROM, since the name of the MTA
> often is
> > unrelated to the From: domain.
> >
> > This means that if you want your bounces to be DMARC aligned, they'd
> need DKIM
> > signatures.
> Bounces with HELO should have From:
> where may be a virtual domain or the "real" domain name,
> depending
> on the configuration.
> --

*Todd Herr* | Sr. Technical Program Manager
*p:* 703.220.4153

This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified of any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.