On Thu, Jan 18, 2024 at 9:28 PM Hector Santos <hsantos=
[email protected]> wrote:
> Hi,
>
> As a long time implementer and integrator of IETF protocols, my mail
> engineering view ….
>
> The thing is RFC 822, 2822 and 5322 allows for a single 5322.From header
> to have multiple addresses:
>
> from = "From:" mailbox-list CRLF
> mailbox-list = (mailbox *("," mailbox)) / obs-mbox-list
>
True, but in such cases, it requires that there be a Sender: header with
exactly one mailbox as a value -
https://datatracker.ietf.org/doc/html/rfc5322#section-3.6.2
[snip]
>
>
> However, if I have been following this thread, DMARCBis was updated to
> ignore these multi-from messages for DMARC purposes because they
> (erroneously) presumed they should be rejected, i.e. never make it to a
> signer or verifier.
>
> I am not sure that is correct.
>
Perhaps the way forward for DMARC is to look for a Sender header when there
is more than one RFC5322.From domain and use that for DMARC processing,
with the stipulation that messages that don't contain such a Sender header
are invalid and should be rejected?
--
*Todd Herr * | Technical Director, Standards & Ecosystem
*e:* [email protected]
*p:* 703-220-4153
*m:* 703.220.4153
This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified of any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
