A. Schulze wrote: > I have a question about DMARC alignments. > > the usual case: > - RFC5322.From: sub.example.com > - DKIM or SPF authentication identifier: example.com > > -> this is aligned in relax mode. > > But: > - RFC5322.From: example.com > - DKIM or SPF authentication identifier: sub.example.com > > Is this a relax alignment? > At least https://tools.ietf.org/html/rfc7489#section-10.4 suggest it is.
Yes. In all of the cases above, the Organizational Domain for both RFC5322.From and the DKIM/SPF authentication is example.com, consequently they match in relaxed mode. The same would be true for: - RFC5322.From: a.example.com - DKIM or SPF authentication identifier: b.example.com Consideration 10.4 is exactly about what happens when independent and/or potentially hostile parties have control of sub-domains. - Roland _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)