If I put my gmail address into the from field, there is no pretending, no
matter what platform I am using.
That conflicts with the coarse-grained authentication strategy, established
at the FTC Email Authentication Summit in November 2004, ...
No, it doesn't. It probably won't surprise you to hear that several of us
were there.
The FTC wanted a way to reliably associate a domain name with a message,
and they gave SPF and Domainkeys and Sender-ID as examples. The IETF
later published SPF and DKIM (which is a tweaked version of Domainkeys),
as standard track RFCs each of which associate a domain name with a
message.
They all use a domain name in different places in the message; only
Sender-ID used the From header address, and even then only if there was no
Sender, or Resent-From, or Resent-Sender. (That was the infamous PRA
patent.)
It wasn't until DMARC came along that anything formalized the unfortunate
misapprehension that the From header address is the only "real" identity.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
