> On 7/27/2020 11:14 AM, Alessandro Vesely wrote: > > > Let's say I have From: real.bank, and Sender: phisher.example. The > > above text seems to imply the receiver is looking up > > _dmarc.phisher.example. Correct? >
Avoiding it by redefining From: to serve the former purpose of Sender: and creating a new Author: to serve the former purpose of From: seems to me to start us down a long road of new header fields every couple of years. They are just names. Verifying that the message really is from phisher.example is a useful data point. The receiving system can choose to mark it with a warning like "you never had mail before from phisher.example". Consider a DMARC DNS tag for the bank to ask the receiving system to verify the From, while the end-user system would not use that tag. I think this is the distinction that should be made, for mailing lists to work but sensitive data to be more protected than end-user mail. -- Joseph Brennan Lead, Email and Systems Applications Columbia University Information Technology
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
