Hello, Isn't it true that the scenario where there is no "From" header could increase in popularity under 'spammers' when DMARC increases in acceptance (as it is now)?
Because using an invalid/non-aligned From would result in 100% rejects (given the fact that the domain is in 100% DMARC reject mode), they could be looking for other methodes to get they spam delivered (which they probably always will be)? I believe that the address the ISP displays as 'From' (whether they get it from the RFC5322.From or RFC5321.MailFrom header) should match DMARC as this is the address the user believes the e-mail is sent from. /Michiel DMARC Analyzer.com 2012/11/9 Zachary Harris <[email protected]> > On 11/08/2012 11:07 PM, John Levine wrote: > > Has anyone, ever, seen a phish with no From: line and the phish target's > > domain in the envelope? > > > > I don't presently wish to offer any argument on the proposed absurdity > level of certain scenarios, but just a brief note to ensure clarity: if > an incoming MTA auto-generates From based on MailFrom when the former is > absent, as is presently the case over at Gmail for example, and if you > are only looking at the final product, then even by examining headers > you wouldn't realize that it was Fromless when it first arrived at your > doorstep. > > -Zach > > _______________________________________________ > dmarc-discuss mailing list > [email protected] > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well > terms (http://www.dmarc.org/note_well.html) >
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
