On Tue, Nov 6, 2012 at 7:17 AM, John Levine <[email protected]> wrote: > Just out of curiosity, in the absence of a From: line, how do you > think DMARC should have guessed what domain to look for? There is no > reason the From: domain has to match any other domain name in the > message.
I assumed that in the absence of a From: domain, it would default to the envelope sender domain. This is certainly what many MUA UIs do when trying to display where the message originated from. If the aim of DMARC is to deal with the narrow scope of spoofing of the From: line, it would seem that MUA behaviour (displaying the envelope "mail from" as the message "From:" ) should influence the design of the DMARC algorithm. Perhaps it is reasonable to fall back to the envelope sender in the absence of a message From: header? If this mailing list supports attachments, you can see how gmail displayed this test message. BTW, I noticed, from my initial post to this list last night, that 13 recipients did not get my message because their message forwarder broke SPF and DKIM. -- Mason
<<attachment: gmail screenshot.png>>
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
