On Dec 5, 2017, at 1:36 PM, Dave Crocker <dcrocker(_at_)bbiw(_dot_)net> wrote:
> On 12/5/2017 1:33 PM, Steve Atkins wrote:
>> It's a DMARC issue rather than a DKIM one.
>
> How is it a DMARC issue?

From: {spoo-that-expands-to billing@paypal.com\0}@badpeople.ru will
be delivered and (on some clients) have a recipient-visible 822.From that looks
like "From: billing@paypal.com" despite not having a valid DKIM
signature with a d=paypal.com nor matching paypal.com's published SPF record.

That's DMARC working exactly as designed but not as commonly understood, which
makes it a DMARC issue (though a usability one of unmet expectations rather
than anything technical).

Much the same as "From: billing@paypal.com <whoever@badpeople.ru>", or the
various approaches that pad headers with various sorts of whitespace or
v______e_____r_____y long local parts to hide the real domain part on mobile
devices, etc.

Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
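
An added example, not part of the original message or of any DMARC implementation: a header check that flags the From: shapes described above, where the domain DMARC evaluates differs from an address a client may display. The function names, finding labels, whitespace threshold and sample headers are constructed for illustration, and the check assumes a single mailbox with no trailing comment.

```python
import re

# Address-like text: local-part, "@", then a dotted domain (captured).
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")
CTRL_RE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")  # NUL and friends
MAX_LOCAL = 64   # RFC 5321 limit on local-part length
PAD_RUN = 8      # assumed threshold for a suspicious whitespace run


def from_domain(value):
    """Domain after the last '@': the one DMARC alignment is checked against."""
    m = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", value)
    return m.group(1).lower().rstrip(".") if m else None


def related(a, b):
    """Same domain or parent/child (simplified: no Public Suffix List)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def check_from(value):
    """Return findings for one raw From header value."""
    real = from_domain(value)
    if real is None:
        return ["unparseable"]
    findings = []
    prefix = value[: value.rindex("@")]        # display name + local-part
    local = prefix.rsplit("<", 1)[-1].strip()  # local-part of the real address
    if CTRL_RE.search(value):
        findings.append("control-char")
    shown = {m.group(1).lower() for m in ADDR_RE.finditer(prefix)}
    if any(not related(d, real) for d in shown):
        findings.append("embedded-address")    # looks like another domain's address
    if len(local) > MAX_LOCAL:
        findings.append("long-local-part")
    if re.search(r"\s{%d,}" % PAD_RUN, value):
        findings.append("whitespace-padding")
    return findings


# Constructed sample headers modelled on the cases in the message above.
SAMPLES = {
    "nul": '"billing@paypal.com\x00"@badpeople.ru',
    "display": "billing@paypal.com <whoever@badpeople.ru>",
    "padded": '"billing@paypal.com' + " " * 80 + 'x"@badpeople.ru',
    "legit": "PayPal Billing <billing@paypal.com>",
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, from_domain(header), check_from(header))
```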