RFC5322 3.6 states that ALL emails MUST have one and one only From: header.
Just dare to enforce it. https://github.com/linkedin/dmarc-msys/blob/master/dmarc.lua#L655 On 11/6/12 7:33 AM, "Mason Schmitt" <[email protected]> wrote: >On Tue, Nov 6, 2012 at 7:17 AM, John Levine <[email protected]> wrote: >> Just out of curiosity, in the absence of a From: line, how do you >> think DMARC should have guessed what domain to look for? There is no >> reason the From: domain has to match any other domain name in the >> message. > >I assumed that in the absence of a From: domain, it would default to >the envelope sender domain. This is certainly what many MUA UIs do >when trying to display where the message originated from. If the aim >of DMARC is to deal with the narrow scope of spoofing of the From: >line, it would seem that MUA behaviour (displaying the envelope "mail >from" as the message "From:" ) should influence the design of the >DMARC algorithm. Perhaps it is reasonable to fall back to the >envelope sender in the absence of a message From: header? > >If this mailing list supports attachments, you can see how gmail >displayed this test message. > >BTW, I noticed, from my initial post to this list last night, that 13 >recipients did not get my message because their message forwarder >broke SPF and DKIM. > >-- >Mason _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
