On Wed, May 13, 2015 at 9:05 PM, Stephen J. Turnbull <[email protected]> wrote:
> > Currently ALL DMARC policy assertions ignore the role of the
> > Sender header field.
>
> Which seems theoretically correct to me, as (unlike From) Sender is
> not arguably a field reserved to Author Domains. Of course a Mediator
> can make an assertion about Sender by DKIM signing it, but it seems
> rather unlikely to me that Author Domains would want to make
> assertions about Sender along the lines of "if Sender is signed,
> consider the message to be authentic".
>

+1 here, and to pretty much all of this message.

Moreover, current use of Sender by both producing agents and consuming agents is inconsistent. Suddenly relying upon it in addition to or instead of From for much of anything creates the need for a lot of people to change how they do things, and that seems unlikely in anything but a long time frame. So, too, is it unlikely that anything registering a No-Really-THIS-Is-The-Really-Real-Sender header field will gain widespread adoption.

What gets added from here forward really needs to be as innocuous as possible. I believe we're in a position where things like SPF and DKIM are still young enough that their implementations are malleable, but trying to get every MLM, MTA, MUA, and MSA out there to suddenly use Sender universally and in a common way seems far less likely to be successful.

-MSK
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
