by roketridah
2133 days ago
If memory serves me right, DKIM only mandates that the DKIM signature header is valid for the d= domain used, by verifying that the protected fields were not changed - but it makes no claims on alignment of the d= domain in the DKIM signature and the protected headers. So anyone can sign for any domain for which they have published DKIM keys, and produce valid DKIM. It's DMARC that requires that a valid DKIM signature match the d= domain with the From domain to consider the message DMARC aligned and be awarded a DMARC pass. [or otherwise pass SPF checks and have SPF domain aligned with From domain] Edit: typo, clarity
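The difference between "valid DKIM" and "DMARC aligned" described in the comment above, as an added Python example (not part of the comment and not any mail server's own code). Assumptions: `verified_domains` stands in for the output of a real DKIM verifier, `org_domain` approximates the organizational domain with the last two labels instead of the Public Suffix List, and all domains and header values are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # ASSUMPTION: last two labels; a real evaluator uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode="r"):
    """DMARC identifier alignment: 's' = exact match, 'r' = same org domain."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def dkim_d_tags(msg):
    """Return the d= value of every DKIM-Signature header on the message."""
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = {}
        for part in value.split(";"):
            if "=" in part:
                key, val = part.split("=", 1)
                tags[key.strip()] = "".join(val.split())  # drop folding whitespace
        if "d" in tags:
            found.append(tags["d"].lower())
    return found

def dmarc_result(raw, verified_domains, spf_pass_domain=None, adkim="r", aspf="r"):
    """verified_domains: d= domains whose signature a DKIM verifier accepted
    (hypothetical input; no cryptographic check is performed here)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    verified = {d.lower() for d in verified_domains}
    dkim_ok = any(d in verified and aligned(d, from_domain, adkim)
                  for d in dkim_d_tags(msg))
    spf_ok = spf_pass_domain is not None and aligned(spf_pass_domain, from_domain, aspf)
    return "pass" if dkim_ok or spf_ok else "fail"

def sample(d):
    # Constructed message; bh= and b= are placeholders, not real signature data.
    return ("From: Billing <billing@bank.example>\n"
            "DKIM-Signature: v=1; a=rsa-sha256; d=%s; s=sel1;\n"
            "\th=from:subject; bh=PLACEHOLDER=; b=PLACEHOLDER==\n"
            "Subject: invoice\n\nbody\n" % d)

if __name__ == "__main__":
    # Signature verifies for mailer.example, but From is bank.example.
    print(dmarc_result(sample("mailer.example"), {"mailer.example"}))
    print(dmarc_result(sample("mail.bank.example"), {"mail.bank.example"}))
    print(dmarc_result(sample("mail.bank.example"), {"mail.bank.example"}, adkim="s"))
    print(dmarc_result(sample("mailer.example"), {"mailer.example"},
                       spf_pass_domain="bounce.bank.example"))
```

The first call is the case the comment points at: the DKIM signature is valid for its own d= domain, yet the message gets no DMARC pass because that domain is unrelated to the From domain.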