[Mailman-Users] Emails from yahoo members, are getting rejected by yahoo, "Service Unavailable".

Mark Sapiro mark at msapiro.net
Mon Apr 14 04:47:35 CEST 2014

On 04/13/2014 03:17 PM, Mark Sapiro wrote:
> On 04/13/2014 03:03 PM, Jim Popovitch wrote:
>> DMARC checks alignment of *both* DKIM and SPF, if either is broken DMARC fails.
>>> SPF does not check the "From:" header line, and that's where the
>>> troubles begin with DMARC.
>> SPF checks sending IPs (of which your IPs won't match Yahoo's, thus
>> breaking DMARC)
>> Either an SPF failure or a DKIM failure will cause a DMARC rejection
>> if p=reject.
> I'm not sure that's correct. I've been testing this so many ways, I'm
> not sure what I'm seeing, but I think a reject requires BOTH DKIM and
> SPF to be absent or fail. If either passes, no DMARC reject occurs.

My reading of Sec 10.2 of the current draft DMARC standard
<https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/> says that
either a valid DKIM signature or a valid SPF test is sufficient, but
only if the domains are aligned which means the DKIM signing domain or
the SPF envelope sender domain must match (in strict or relaxed mode)
that of the From: address.

       If one or more of the Authenticated Identifiers align
       with the RFC5322.From domain, the message is considered to pass
       the DMARC mechanism check.

In particular, one's own SPF won't do because the domains won't align.

I think I've got a good set of test results, but I'm tired and will save
that summary for tomorrow.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list