On Fri, Dec 10, 2021 at 1:59 PM Scott Kitterman <[email protected]> wrote:
>
> Ordering isn't guaranteed to be preserved. I think the options are:
>
> 1. Do not test for DMARC (current, no backward compatibility issues, but
>    incomplete coverage).
>
> 2. Test both and one must not fail (not clear if there are backward
>    compatibility or reporting issues, doesn't solve incomplete coverage)
>
> 3. Test both and both must not fail (probably not backward compatible, would
>    need to figure out reporting, but does solve the "inadequacy").
>
> Given the rarity of multi-From messages and that anything with backward
> compatibility issues should have a high hurdle to clear for inclusion, I don't
> think there's a good case for anything other than leave it as is.
>

To be clear, what's "current" is what's in RFC 7489, which reads:

   The case of a syntactically valid multi-valued RFC5322.From field
   presents a particular challenge. The process in this case is to
   apply the DMARC check using each of those domains found in the
   RFC5322.From field as the Author Domain and apply the most strict
   policy selected among the checks that fail.

Option 1 above is proposed in DMARCbis as a way to mitigate the risk of a DoS attack by a bad guy inserting a From: header with umpteen domains, each of which would have to be checked.

-- 
*Todd Herr* | Technical Director, Standards and Ecosystem
*e:* [email protected]
*m:* 703.220.4153
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
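
Added example, not part of the original message and not taken from any DMARC implementation: the RFC 7489 rule quoted above next to option 1, with a counter showing how many per-domain checks each one performs on a multi-valued From. The function names, the `evaluate` callback, the sample header and outcomes are constructed for illustration, and option 1 is read here as "skip DMARC when the From field carries more than one distinct domain", which is an assumption.

```python
from email.utils import getaddresses

STRICTNESS = {"none": 0, "quarantine": 1, "reject": 2}  # DMARC p= values, weakest first

# Constructed per-domain outcomes: domain -> (DMARC check passed?, published policy).
SAMPLE_RESULTS = {
    "a.example": (True, "none"),
    "b.example": (False, "quarantine"),
    "c.example": (False, "reject"),
}
SAMPLE_FROM = "Alice <alice@a.example>, bob@b.example, Carol <carol@C.EXAMPLE>"  # constructed

def author_domains(from_value):
    """Distinct lower-cased domains in an RFC5322.From value, in order of appearance."""
    domains = []
    for _name, addr in getaddresses([from_value]):
        _local, at, domain = addr.rpartition("@")
        if at and domain and domain.lower() not in domains:
            domains.append(domain.lower())
    return domains

def counting_evaluator(results):
    """Hypothetical stand-in for the real SPF/DKIM/alignment check; records each lookup."""
    looked_up = []
    def evaluate(domain):
        looked_up.append(domain)
        return results[domain]
    return evaluate, looked_up

def rfc7489_disposition(from_value, evaluate):
    """RFC 7489: check every Author Domain, apply the strictest policy among the failures."""
    outcomes = [evaluate(d) for d in author_domains(from_value)]
    failed = [policy for passed, policy in outcomes if not passed]
    return max(failed, key=STRICTNESS.__getitem__) if failed else "pass"

def option1_disposition(from_value, evaluate):
    """Option 1: skip DMARC when From carries more than one domain (assumed reading)."""
    domains = author_domains(from_value)
    if len(domains) != 1:
        return "not-evaluated"  # zero lookups, whatever the header length
    passed, policy = evaluate(domains[0])
    return "pass" if passed else policy

if __name__ == "__main__":
    for rule in (rfc7489_disposition, option1_disposition):
        evaluate, looked_up = counting_evaluator(SAMPLE_RESULTS)
        print(rule.__name__, rule(SAMPLE_FROM, evaluate), "lookups:", len(looked_up))
```

Under the RFC 7489 rule the work grows with the number of domains in the header; under option 1 it is at most one check per message.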
