> I was surprised to find that by simply omitting the >"From: " header, in a spoofed email sent to a gmail address, that the >email was accepted!
This is one of the many scenarios that DMARC does not address. It's not a magic bullet, it's a rather narrow design to deal with people who are not you putting your address on the From: line. Just out of curiosity, in the absence of a From: line, how do you think DMARC should have guessed what domain to look for? There is no reason the From: domain has to match any other domain name in the message. R's, John _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
