Re: [dmarc-discuss] please clarify
Roland Turner via dmarc-discuss:

> That question has rather a large answer, parts of which span a decade
> of work on email authentication. It might perhaps be simpler to address
> the situation that's concerning you. Are you facing a specific situation
> for which this creates a problem?

Roland,

I do not have a specific problem. There was only a discussion on spamassassin-users ml about dmarc...

Thanks for your time :-)

Andreas

___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)

Re: [dmarc-discuss] please clarify
Andreas Schulze wrote:

> Roland Turner via dmarc-discuss:
>
>> Yes. In all of the cases above, the Organizational Domain for both
>> RFC5322.From and the DKIM/SPF authentication is example.com,
>> consequently they match in relaxed mode. The same would be true for:
>>
>> - RFC5322.From: a.example.com
>> - DKIM or SPF authentication identifier: b.example.com
>>
>> Consideration 10.4 is exactly about what happens when independent
>> and/or potentially hostile parties have control of sub-domains.
>
> Thanks. That was new to me.
> Why was DMARC defined in that way?

That question has rather a large answer, parts of which span a decade of work on email authentication. It might perhaps be simpler to address the situation that's concerning you. Are you facing a specific situation for which this creates a problem?

- Roland

Re: [dmarc-discuss] please clarify
Roland Turner via dmarc-discuss:

> Yes. In all of the cases above, the Organizational Domain for both
> RFC5322.From and the DKIM/SPF authentication is example.com,
> consequently they match in relaxed mode. The same would be true for:
>
> - RFC5322.From: a.example.com
> - DKIM or SPF authentication identifier: b.example.com
>
> Consideration 10.4 is exactly about what happens when independent
> and/or potentially hostile parties have control of sub-domains.

Thanks. That was new to me.
Why was DMARC defined in that way?

Andreas

Re: [dmarc-discuss] please clarify
A. Schulze wrote:

> I have a question about DMARC alignments.
>
> the usual case:
> - RFC5322.From: sub.example.com
> - DKIM or SPF authentication identifier: example.com
>
> -> this is aligned in relax mode.
>
> But:
> - RFC5322.From: example.com
> - DKIM or SPF authentication identifier: sub.example.com
>
> Is this a relax alignment?
> At least https://tools.ietf.org/html/rfc7489#section-10.4 suggests it is.

Yes. In all of the cases above, the Organizational Domain for both RFC5322.From and the DKIM/SPF authentication is example.com, consequently they match in relaxed mode. The same would be true for:

- RFC5322.From: a.example.com
- DKIM or SPF authentication identifier: b.example.com

Consideration 10.4 is exactly about what happens when independent and/or potentially hostile parties have control of sub-domains.

- Roland
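
The alignment cases discussed in this thread, worked through as an added example (not code from any list participant or from the DMARC specification). It follows the Organizational Domain steps of RFC 7489 section 3.2 in simplified form; the tiny suffix set, the `a.co.uk`/`b.co.uk` case and all function names are assumptions made for illustration.

```python
# Constructed, deliberately tiny stand-in for the Public Suffix List (assumption).
PUBLIC_SUFFIXES = {"com", "org", "uk", "co.uk"}


def _norm(domain):
    return domain.lower().rstrip(".")


def organizational_domain(domain, suffixes=PUBLIC_SUFFIXES):
    """Organizational Domain following the RFC 7489 section 3.2 steps.

    Simplified: plain suffix rules only, no wildcard or exception rules.
    """
    labels = _norm(domain).split(".")
    x = 1  # PSL default rule "*": an unlisted TLD counts as a one-label suffix
    for n in range(1, len(labels) + 1):
        if ".".join(labels[-n:]) in suffixes:
            x = n  # longest matching public suffix has x labels
    if len(labels) <= x:
        return ".".join(labels)  # the name is itself a public suffix
    return ".".join(labels[-(x + 1):])  # suffix plus one more label


def aligned(from_domain, auth_domain, mode="r"):
    """mode 'r' = relaxed, 's' = strict (the adkim/aspf tag values)."""
    if mode == "s":
        return _norm(from_domain) == _norm(auth_domain)
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


# (RFC5322.From domain, DKIM or SPF authenticated domain)
CASES = [
    ("sub.example.com", "example.com"),   # the "usual case" in the thread
    ("example.com", "sub.example.com"),   # the case the question asks about
    ("a.example.com", "b.example.com"),   # sibling sub-domains
    ("example.com", "example.com"),       # identical names
    ("a.co.uk", "b.co.uk"),               # constructed: different organizations
]


def evaluate(cases=CASES):
    return [(f, a, aligned(f, a, "r"), aligned(f, a, "s")) for f, a in cases]


if __name__ == "__main__":
    for f, a, relaxed, strict in evaluate():
        print(f"From={f:<16} auth={a:<16} relaxed={relaxed!s:<5} strict={strict}")
```

Under relaxed mode every sub-domain of example.com aligns with every other, which is the situation section 10.4 addresses; only the identical-name case also aligns in strict mode (`adkim=s` / `aspf=s`).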