Andreas Schulze wrote:
> Roland Turner via dmarc-discuss:
>
>> Yes. In all of the cases above, the Organizational Domain for both
>> RFC5322.From and the DKIM/SPF authentication is example.com,
>> consequently they match in relaxed mode. The same would be true for:
>>
>> - RFC5322.From: a.example.com
>> - DKIM or SPF authentication identifier: b.example.com
>>
>> Consideration 10.4 is exactly about what happens when independent
>> and/or potentially hostile parties have control of sub-domains.
>
> Thanks. That was new to me.
> Why was DMARC defined in that way?

That question has rather a large answer, parts of which span a decade of work on email authentication. It might perhaps be simpler to address the situation that's concerning you. Are you facing a specific situation for which this creates a problem?

- Roland

_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
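
The relaxed-mode match discussed in this thread, as an added example that is not part of the original messages: it derives the Organizational Domain (public suffix plus one label, RFC 7489 section 3.2) and compares identifiers in relaxed and strict mode. The function names and the small suffix set are assumptions made for illustration; a real check uses the full Public Suffix List.

```python
# Constructed stand-in for the Public Suffix List (assumption: a real
# deployment loads the full list, including wildcard and exception rules).
SAMPLE_SUFFIXES = {"com", "org", "uk", "co.uk"}


def organizational_domain(domain, suffixes=SAMPLE_SUFFIXES):
    """Return the public suffix plus one label, per RFC 7489 section 3.2."""
    labels = domain.lower().rstrip(".").split(".")
    # Scan from the longest candidate so the longest listed suffix wins.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in suffixes:
            # A name that is itself a suffix is returned unchanged.
            return ".".join(labels[max(i - 1, 0):])
    # No listed suffix: treat the rightmost label as the suffix.
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode="r"):
    """mode 'r' = relaxed, 's' = strict (the adkim/aspf tag values)."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b  # strict: the two names must be identical
    return organizational_domain(a) == organizational_domain(b)


def demo():
    """Return (From, auth identifier, relaxed result, strict result) rows."""
    pairs = [
        ("example.com", "mail.example.com"),
        ("a.example.com", "b.example.com"),  # sibling sub-domains from the thread
        ("a.co.uk", "b.co.uk"),              # separate names under a listed suffix
    ]
    return [(f, d, aligned(f, d, "r"), aligned(f, d, "s")) for f, d in pairs]


if __name__ == "__main__":
    for f, d, relaxed, strict in demo():
        print(f"From={f:15} auth={d:18} relaxed={relaxed} strict={strict}")
```

Sibling sub-domains align in relaxed mode because both reduce to the same Organizational Domain, while names directly under a listed suffix do not.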