>That said, the substitution of RFC5321.MailFrom for an absent >RFC5322.From is a sufficiently common practice that there may be sense >in calling this out in the Security Considerations (that a Mail Receiver >which does this should also apply the DMARC algorithm as though the >synthesised RFC5322.From header was actually present).
Has anyone, ever, seen a phish with no From: line and the phish target's domain in the envelope? This scenario seems absurdly far-fetched to me. R's, John _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
