On Sat 03/Feb/2024 21:44:42 +0100 Murray S. Kucherawy wrote:
On Sun, Jan 28, 2024 at 5:40 AM Alessandro Vesely <ves...@tana.it> wrote:
I think this point about alignment of Sender is definitely correct,
Let's also recall there was a proposal to consider Sender: anyway.
And also let's recall that the community has previously rejected the idea
of involving Sender in DMARC evaluations. Some text about why can be found
in DMARC itself, i.e., RFC 7489, Appendix A.3.
Sorry I reconsidered that possibility. It was after Todd recalled that
multi-valued From: require Sender:. Please forget it. I agree DMARC doesn't
need to consider Sender:.
What do we think has changed since then that warrants reconsidering that
position? Have we started to see multi-value From attacks?
A DMARC filter has to do something when it sees a multi-value From:. AFAIK, we
just anticipated such attacks. Their becoming trendy depends on how DMARC
filters are going to be implemented. The latter, in turn, depends on how we
specify DMARC.
Another concern is how acceptable it is to specify a standard which does not
admit input which is perfectly valid according to a lower layer standard. Are
they conflicting?
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
