That is what the RFC822 Sender header is for. The fact that DMARC bases its
“validation” on the From header instead of the Sender header is a flaw in DMARC
and why DMARC shouldn’t be used until this is fixed.
The RFC4407 Purported Responsible Address rules are correct and should be used,
and displayed to the user if they differ from the “From” address.
The distinction between the author of the message and the sender has existed
since letters were written and was embedded in email from the very beginning.
The fact that DMARC cannot cope with this is insane.
(DMARC is an attempt to fix broken MUAs which don’t display the Sender header.
But the proper fix is in the MUAs. What’s more insane is the big promoters and
users of DMARC control the MUA as well in many cases - yahoo webmail, gmail
app. The most popular business MUA, Outlook, handles this correctly and always
has done.)
Cheers,
Ben Liddicott
From: Dave Warren
Sent: Friday, 13 February 2015 08:12
To: Mailop
On 2015-02-12 23:33, Michael Wise wrote:
> Or better yet, strip the DKIM record and resign it with your own key.
>
> Bottom line, end of the matter is, your list, your responsibility. The
> traffic needs to be seen as coming from you, but with enough details
> to identify the original author for auditing and forensics.
That will cause DMARC to throw an alignment failure, which won't
alleviate the problem. However, you could add a key, multiple DKIM keys
are permissible, and it would show that the message was signed by the
original sender, as well as signed by the list too.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
_______________________________________________
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop
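
An added example, not part of the thread: it computes the RFC 4407 Purported Responsible Address for a list-relayed message and sets it beside the From domain that DMARC aligns passing DKIM signatures against. The sample message, its addresses, and the function names `single_mailbox`, `pra` and `dmarc_view` are constructed for illustration; only strict alignment is modelled, since relaxed alignment needs a public-suffix lookup.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a message relayed by a mailing list (all names made up).
SAMPLE = """\
Received: from list.example.net by mx.example.org
Sender: discuss-bounces@list.example.net
From: Alice <alice@author.example.com>
Subject: hello

body
"""

def single_mailbox(value):
    """Return the address if the header holds exactly one mailbox, else None."""
    addrs = [a for _, a in getaddresses([value]) if a]
    return addrs[0] if len(addrs) == 1 and "@" in addrs[0] else None

def pra(msg):
    """RFC 4407 Purported Responsible Address, or None if the header is ill-formed."""
    fields = [(k.lower(), v) for k, v in msg.items() if v.strip()]
    names = [k for k, _ in fields]
    chosen = None
    if "resent-sender" in names:                       # step 1
        rs = names.index("resent-sender")
        rf = names.index("resent-from") if "resent-from" in names[:rs] else None
        hop_between = rf is not None and any(
            n in ("received", "return-path") for n in names[rf + 1:rs])
        if not hop_between:
            chosen = fields[rs][1]
    if chosen is None and "resent-from" in names:      # step 2
        chosen = fields[names.index("resent-from")][1]
    if chosen is None:                                 # steps 3 and 4
        for name in ("sender", "from"):
            values = [v for k, v in fields if k == name]
            if len(values) > 1 or (name == "from" and len(values) != 1):
                return None                            # step 6: no PRA
            if values:
                chosen = values[0]
                break
    return single_mailbox(chosen) if chosen else None  # step 5

def dmarc_view(msg, dkim_pass_domains):
    """Show the PRA next to the From domain and the DKIM signers aligned with it."""
    from_addr = single_mailbox(msg.get("From", ""))
    from_dom = from_addr.rsplit("@", 1)[1].lower() if from_addr else None
    aligned = [d for d in dkim_pass_domains if d.lower() == from_dom]
    return {"pra": pra(msg), "from_domain": from_dom, "aligned_signers": aligned}
```
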