On 3/19/2015 12:52 PM, Murray S. Kucherawy wrote:
> And since the From field is the only one users really see every time,
> I'm not sure that declaring and supporting yet another
> no-seriously-this-is-the-author field would be of benefit.
I'd like to try to get us to phrase this differently.
In particular, it does not matter what user's 'see'. The information is
processed by a filtering agent, independent of the user.
So what matters is that the From: field domain is the
only field certain to be provided by the author.
Everything about DMARC derives from the certainty of that presence.
For a mechanism, like DKIM, that seeks a collaborative relationship
between origin and destination, there does not need to be certainty that
the information will be present. There merely needs to be certainty
that /if/ it is present, it is valid.
DMARC is not like that. DMARC is an effort to look for spoofing. This
means that bad actors will attempt to place the trust-related
information (like a domain name) into the message, but without
authorization.
So, what domain name is certain to be in the message, other than the one
in the From field?
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
