On Fri 30/May/2014 00:46:18 +0200 Sam Varshavchik wrote: > Lindsay Haisley writes: >> >> The "author" and the "sender" of a message are distinct >> entities, and it seems that they often get confused in >> discussions of DMARC. 2822 (3.6.2): [...] > > But as far as sender validation goes, MAIL FROM: is what gets > looked at.
That is SPF validation. On top of that, DMARC wants the validated identity (SPF or DKIM) to be aligned with the From: domain. Aligned domains comparison usually means having the same administrative (i.e. registered) domain. Comparison has to be implemented using a public suffix list, for the time being. An "aspf=s" tag in the _dmarc record can turn it into strict comparison. Ditto for "adkim". The Sender: header field is not considered: http://tools.ietf.org/html/draft-kucherawy-dmarc-base-04#appendix-A.3 >> Using the authorship information in a message to determine >> origin is a misinterpretation of the From header, which bends >> RFC 2822 even if it doesn't break it outright. Rather than (mis)interpret From:, DMARC wants it to be authenticated, because it's so visible. Not all agents display "$Sender on behalf of $Author". Ale -- ------------------------------------------------------------------------------ Time is money. Stop wasting it! Get your web API in 5 minutes. www.restlet.com/download http://p.sf.net/sfu/restlet _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
