On Fri 19/Jan/2024 18:00:35 +0100 Hector Santos wrote:
> On Jan 19, 2024, at 10:19 AM, Todd Herr <[email protected]> wrote:
>
>> Perhaps the way forward for DMARC is to look for a Sender header when there is more than one RFC5322.From domain and use that for DMARC processing, with the stipulation that messages that don't contain such a Sender header are invalid and should be rejected?
>
> Todd, +1
>
> I like this idea. The 5322.Sender is required for a 2+ address Mailbox-list.


+1 as well. Let me note that, in such a case, DMARC should require that the Sender: domain be aligned with at least one of the From: domains.

Otherwise, disallow should mean reject/quarantine when at least one of the From: domains says so. (Same complexity as previous case.)

Ignoring, as Section 11.5 points out, exposes an attack vector that must be taken into consideration. That section says:

    [C]are must be taken by the receiving MTA to recognize such messages
    as the threats they might be and handle them appropriately.

What does "appropriately" mean in that context? It looks to me like a neatly carved hole in a security filter.


Best
Ale
--

PS: Thunderbird, for one, allows editing From: and adding more mailboxes in the message composition window.
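
The rule proposed in this thread (use Sender: when From: carries more than one domain, reject if it is missing, and require it to align with at least one From: domain), sketched as an added example that is not part of any list message or of the DMARC draft. The function names, the verdict strings, the rejection of a message with no usable From: domain, and the two-label `org_domain` stand-in for a Public Suffix List lookup are assumptions; the sample messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses


def org_domain(domain):
    # Assumption: stand-in for a Public Suffix List lookup (keeps last two labels).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def domains_of(msg, header):
    # Distinct domains of every mailbox in all occurrences of the header.
    seen = []
    for _name, addr in getaddresses(msg.get_all(header, [])):
        domain = addr.rpartition("@")[2].lower()
        if "@" in addr and domain and domain not in seen:
            seen.append(domain)
    return seen


def dmarc_domain(raw):
    """Return (verdict, domain); domain is the one handed to DMARC evaluation."""
    msg = message_from_string(raw)
    from_domains = domains_of(msg, "From")
    if not from_domains:
        return ("reject", None)               # assumption: no usable author domain
    if len(from_domains) == 1:
        return ("evaluate", from_domains[0])  # ordinary single-domain case
    sender = domains_of(msg, "Sender")
    if len(sender) != 1:
        return ("reject", None)               # multi-domain From: without Sender:
    if org_domain(sender[0]) not in {org_domain(d) for d in from_domains}:
        return ("reject", None)               # Sender: aligned with no From: domain
    return ("evaluate", sender[0])


# Constructed sample messages.
BODY = "Subject: test\n\nhello\n"
SINGLE = "From: alice@example.com\n" + BODY
SAME_DOMAIN = "From: alice@example.com, carol@example.com\n" + BODY
MULTI_NO_SENDER = "From: alice@example.com, bob@example.org\n" + BODY
MULTI_ALIGNED = ("From: alice@example.com, bob@example.org\n"
                 "Sender: alice@mail.example.com\n" + BODY)
MULTI_UNALIGNED = ("From: alice@example.com, bob@example.org\n"
                   "Sender: relay@other.example\n" + BODY)

if __name__ == "__main__":
    for raw in (SINGLE, SAME_DOMAIN, MULTI_NO_SENDER, MULTI_ALIGNED, MULTI_UNALIGNED):
        print(dmarc_domain(raw))
```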






_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
