On Wed 24/Jun/2020 19:37:46 +0200 Dave Crocker wrote: > On 6/24/2020 9:31 AM, Alessandro Vesely wrote: >> On Tue 23/Jun/2020 20:49:11 +0200 Dave Crocker wrote: >>> So if Sender: wouldn't be as useful as From:, why not? >> >> The assertion that "DMARC protects the domain name in the address part >> of the From:" would have to be dropped. > Of course. But why is that a 'problem' rather than just a fact? > > An obvious challenge in this type of discussion is to distinguish > surface issues from underlying issues. So for every observation like > this, about documentation language, we need to ask a version of "so > what?" That is, how does it affect actual DMARC efficacy?
That position changes DMARC substantially: Frequently, an inbound message has one or more valid DKIM signatures, and/or passes SPF, yet it fails DMARC; that is, the authenticated domain(s) are not aligned with From:. Now it's obvious that any of those authenticated domain(s) could as well have set a Sender: pointing to itself. Hence, the net effect is equivalent to dropping the alignment requirement. >> Sender: has a display name and an address, just like From:. Don't we >> risk to double phishing opportunities? >> >> If Sender: and From: domains disagree, are both going to get reports? > > Why would there be a DMARC report on From:? Reports are supposed to be consumed by the originator. Best Ale -- _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
