>>Putting as much value on RFC5322 From as DMARC does follows >>conventional wisdom, but I believe that wisdom is flawed. >> >>Of course, that speaks to the advice you want to give: tell UIs that >>they should show the From addr-spec to users always. But be clear >>about what you're asking for: you're not saying they should do it >>because it's objectively "right"; you're saying they should do it >>because it helps support the decision that DMARC has made. > > If any authentication technology is going to work, DMARC or whatever, > it will have to be tied to some kind of identifier. 5322.From is as good > as any and better than most.
And yet SPF uses a different one (5321.Mail.From), and there've been suggestions to use Sender, rather than From, if Sender is present, or to check both. There's no one "right" answer, and all have failings. If a spec is going to suggest UI changes to match the choices that spec has made, it needs to be clear about where those suggestions come from. And the people making the recommendations need to understand that their recommendations might be wildly in conflict with what UI experts know to work best for users. Barry _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
