On 4/21/15 4:20 PM, Terry Zink wrote: > Some quick comments: > > - Section 3 is really short. Some examples of how it would work would be nice. > - Regarding this from section 3: > > This makes an assumption users employ Mail User Agents that display the > identity contained in the Sender header field when used as a basis > for acceptance. > > I've tested Hotmail and Gmail and both suppress the Sender: header in favor > of the 5322.From address. Conversely, Outlook and Outlook Web Access (OWA) > show it as "<sender> on behalf of <from>". > > -- Terry >
On 4/21/15 4:20 PM, Terry Zink wrote: > Some quick comments: > > - Section 3 is really short. Some examples of how it would work would be nice. > - Regarding this from section 3: > > This makes an assumption users employ Mail User Agents that display the > identity contained in the Sender header field when used as a basis > for acceptance. > > I've tested Hotmail and Gmail and both suppress the Sender: header in favor > of the 5322.From address. Conversely, Outlook and Outlook Web Access (OWA) > show it as "<sender> on behalf of <from>". > > -- Terry Dear Terry, You make a good point. I consider <sender> on behalf of <from> a reasonable approach. It takes seconds using OS X Mail (Mail, Preferences, Viewing, Show message headers: custom, type Sender) to display the Sender header. It is not displayed when it is not there of course, nor is this setting the default. For Thunderbird, users will need to access Preferences, Advanced, General tab, click Config Editor, Enter mail.compose.other.header and double click mail.compose.other.header entry and type the desired headers in the string dialog. For other MUAs beyond Outlook, Mail, and Thunderbird, this may require plugins or similar tinkering. Nonetheless, Sender header protection is available and likely something better configured using a script offered by the provider. In the early days when working with Iconix, they were able to offer fairly comprehensive coverage for web access and MUA using javascript overlays with company icons. This improved source trust based on verification methods then available. It seems these MUAs offer proof it can be done and Iconix proved people could understand the results. This seems rather important since it is the Sender being trusted in most cases; the result of mail's store and forwarding protocol. DKIM and SPF only offer assurances between hops. Use of IM-From better protects the role of author and enables improved availability for direct paths while also offering greater flexibility at adding easily noticable information. http://tools.ietf.org/html/draft-otis-dmarc-escape-00 Regards, Douglas Otis _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
