About verify signature with return-path

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Kirill Bychkov <kirill.bychkov_at_gmail.com>
Date: Fri, 29 Aug 2014 13:34:32 +0400

Hi,
The service mailchimp may sending email from any "mailfrom", for example,
from:example_at_example.com to gmail, with these headers:
From: example_at_example.com
Return-Path: <....._at_mail177.us4.mcsv.net>
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=
mail177.us4.mcsv.net;
h=Subject:From:Reply-To:To:Date:Message-ID:List-Unsubscribe:Sender:Content-Type:MIME-Version;
i=example=example_at_mail177.us4.mcsv.net;
bh=KwQ+Vxan7NSvbxpH/43sfyJQnt8=;
b=L07XgMn+pDciyFYqqiPPn3hbvHxCw2nIG7jZSAIJDBSEbz2ZHTLoyKJ+vtnzw4DU2xB0uUNB4gQ8

d+ODFM4U0zQG681MEhU+gd9S4xeYdrlAD5vKh/5xjCIpJGIjIKo2cLnoSNdSXShylXN97MO56JPv
WtNICLzXK/ArI97+ckc=

Domain "from" and domain in singature are different, but gmail dkim
verifier pass this signature.
Why?

I'm confused.
Thank you.
P.S. TXT records in the example.com are absent.
Received on Fri Aug 29 2014 - 09:34:47 PST

This archive was generated by hypermail 2.3.0 : Fri Aug 29 2014 - 09:45:01 PST