On 06/11/2012 23:43, Mason Schmitt wrote:
It would seem that leveraging something like DMARC to handle this case would enable senders to dictate the policy that receivers should implement concerning the senders domain only,
This is a pretty common misunderstanding: Domain Owners do not _*dictate*_ anything to Mail Receivers.
To further re-purpose a frequently re-purposed phrase: Domain Owners propose, Mail Receivers dispose.
as opposed to a blanket policy across all domains.
This is a worthwhile distinction, but is still a local issue for a Mail Receiver, not the subject of an interoperability specification.
That said, the substitution of RFC5321.MailFrom for an absent RFC5322.From is a sufficiently common practice that there may be sense in calling this out in the Security Considerations (that a Mail Receiver which does this should also apply the DMARC algorithm as though the synthesised RFC5322.From header was actually present).
- Roland -- Roland Turner | Director, Labs TrustSphere Pte Ltd | 3 Phillip Street #13-03, Singapore 048693 Mobile: +65 96700022 | Skype: roland.turner [email protected] | http://www.trustsphere.com/
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
