Re: [exim] DMARC spf_domain= empty

Top Page
Delete this message
Reply to this message
Author: Mike Brudenell
Date:  
To: Exim Users
Subject: Re: [exim] DMARC spf_domain= empty
On 5 June 2017 at 07:09, Richard James Salts via Exim-users <
exim-users@???> wrote:

> Was the message a bounce or autoreply with an empty sender? Should the
> behaviour be to fall back to helo domain with spf when
> processing a message from the empty sender? Is that even desirable?
>


If it's any help, section 2.4 of RFC 7208 SPF
<https://tools.ietf.org/html/rfc7208#section-2.4> states:

[RFC5321] allows the reverse-path to be null (see Section 4.5.5 in
[RFC5321]). In this case, there is no explicit sender mailbox, and such a
message can be assumed to be a notification message from the mail system
itself. When the reverse-path is null, this document defines the "MAIL
FROM" identity to be the mailbox composed of the local-part "postmaster"
and the "HELO" identity (which might or might not have been checked
separately before).


and section 3.1.2 of RFC 7489 (DMARC) states:

Note that the RFC5321.HELO identity is not typically used in the context of
DMARC (except when required to "fake" an otherwise null reverse-path), even
though a "pure SPF" implementation according to [SPF] would check that
identifier.


So as I understand it then yes, you fall back to the HELO domain when the
RFC5321.MailFrom is null. (This tallies with what I've observed happening
with Gmail's SPF and DMARC verification.)

Cheers,
Mike B-)

--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm