Dave Crocker writes: > From: happens to be the only place that always has the presence of a > domain associated with the origin.
Except it doesn't always have a domain associated with the originating MTA, and there's nothing in RFC 5322 that says it does. RFC 5322 says you shouldn't put an address in From that you don't have the right to use, not that it must be aligned with the domain of the injecting MTA. So I must be missing something, because it seems to me that you've got the DMARC From alignment tail wagging the whole RFC 5322 dog here. > And note that without DMARC, these days users typically don't see > the domain. In other words, it isn't presented to the user. This > inconvenient fact is ignored or dismissed every time someone touts > the user's role in DMARC. What's so inconvenient about it? I'm apparently missing something, but I don't see how the fact that the domain sometimes isn't presented is particularly inconvenient for the position that user behavior matters. Specifically, in many cases failure to present the domain as a character string doesn't mean that the displayed identity isn't associated with the address in some way such as presentation of an avatar looked up by address, or in a tool-tip. There may be other subtle channels by which the address can influence user behavior without being displayed as a character string. And sometimes it is presented as a string. Note that these "subtle channels" are MUA functions, and thus outside the purview of current MTA-based DMARC implementations. I think it's quite valid to emphasize the user's role here. _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc