forked from trusteddomainproject/OpenDMARC
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix "header" vs. "header field" where appropriate.
- Loading branch information
Murray S. Kucherawy
committed
Mar 18, 2021
1 parent
1f018c6
commit 9fdbdf9
Showing
2 changed files
with
7 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -17,17 +17,17 @@ same section) that all domains be tested, and the strictest policy be | |
| applied. | ||
|
|
||
| However, having even two distinct administrative domains in the same From: | ||
| header (for example, [email protected], [email protected]) leads to an issue: | ||
| header field (for example, [email protected], [email protected]) leads to an issue: | ||
|
|
||
| * For SPF, mail can only be delivered to a receiving system from one IP | ||
| address. Unless that IP address is (coincidentally or intentionally) in both | ||
| domains' SPF records (or the domains "include:" each other), then the SPF | ||
| check will fail (forged HELO's notwithstanding). | ||
|
|
||
| * For DKIM, there can only be one selector/domain in a given DKIM-Signature, | ||
| referencing a single "From:" header. So in the case where either domain | ||
| specifies a DMARC policy of either p=reject or p=quarantine, the result | ||
| will be a failure. The message would have to bear valid signatures | ||
| referencing a single "From:" header field. So in the case where either | ||
| domain specifies a DMARC policy of either p=reject or p=quarantine, the | ||
| result will be a failure. The message would have to bear valid signatures | ||
| from both domains. | ||
|
|
||
| In practice, citing the example above, a message cannot have been signed | ||
|
|
@@ -66,5 +66,5 @@ containing a multi-valued From: field. If set, messages can be rejected at | |
| receipt-time. If unset, messages will be ignored by the filter. (They will | ||
| not pass, but they will not fail). | ||
|
|
||
| The Authentication-results header added for the DMARC check in this case will | ||
| have a result of dmarc=permerror. | ||
| The Authentication-results header field added for the DMARC check in this case | ||
| will have a result of dmarc=permerror. | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters