On October 8, 2021 4:52:30 PM UTC, Dave Crocker <[email protected]> wrote: >On 10/8/2021 9:45 AM, Scott Kitterman wrote: >> My vague recollection is that the reason not to use Sender (implicit or >> explicit) as the key for ADSP and later DMARC was concern that some MUAs >> didn't display the explicit Sender (mostly Outlook Express, IIRC). The >> original Yahoo! DomainKeys had some sort of a policy component that keyed >> off Sender. I haven't gone back and looked anything up to be sure, so no >> promises. >> >> Maybe that was the right answer all along. Are MUAs that don't display >> Sender still a concern? Do we care? Maybe keying off Sender instead of >> From gets us to a similar place without requiring upgrades to every MUA in >> existence? > >Marc Delaney's original DomainKeys uses Sender. The problem with that >is that it often isn't in the message, given that its semantic is folded >into the From field, when they (start with) the same string. > >Since From is the only identification field that is always present, >that's what DMARC latched on to.
I think it's fair to consider that Sender is at least implicitly always present. Having a MLM add Sender and not munge From is a far better UX than the munged From. Lots of software already supports it too. Would it make sense, perhaps, to key DMARCbis off Sender (i.e. Sender if present or From if no explicit Sender)? If that makes overall sense, it would substantially simplify the MLM's problem. Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
