I have been thinking about the other way that an attacker could have two
>From addresses: by having two From headers.Not a problem as long as
the evaluator rejects the message based on standards violation.
But what if the evaluator does not test for dual headers because the
configuration is
Murray S. Kucherawy skrev den 2024-02-11 01:39:
-MSK, participating
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
avoid this on maillists please
why is stupid mua using quoted-printable while its html ?, i dont blame
anyone from make silly msg
On Saturday, February 10, 2024 7:39:37 PM EST Murray S. Kucherawy wrote:
> On Sat, Feb 10, 2024 at 12:34 PM Jim Fenton wrote:
> > > No, it's perfectly fine to declare that DMARC only applies to certain
> > > classes of messages.
> >
> > This actually concerns me a bit. If having multiple From:
On Sat, Feb 10, 2024 at 12:34 PM Jim Fenton wrote:
> > No, it's perfectly fine to declare that DMARC only applies to certain
> > classes of messages.
>
> This actually concerns me a bit. If having multiple From: addresses causes
> a message to be out of scope for DMARC and therefore bypass a
On 5 Feb 2024, at 22:22, Murray S. Kucherawy wrote:
> No, it's perfectly fine to declare that DMARC only applies to certain
> classes of messages.
This actually concerns me a bit. If having multiple From: addresses causes a
message to be out of scope for DMARC and therefore bypass a p=reject
+1
With 5617 was the DKIM=ALL policy - anyone can sign. Offered no authorization
protection.
dkim=discardable offers 1st party signaing protection — just like DMARC offers.
Both failed in validating the 3rd party signer.
All the best,
Hector Santos
> On Feb 8, 2024, at 11:26 AM, Jim