To avoid a new header field or a "v=" increase, to make DMARC failure a really
reliable indication of genuine invalidity, at least where mailing lists
are concerned, why not focus on the fact that RFC5322.From headers clearly
allow multiple addresses, and invite Mediators such as mailing lists to take
responsibility for their changes by adding an address in their own domain
to the RFC5322.From header and adding their own DKIM-Signature?

I believe we looked at that and decided it wasn't promising. The problem is that bad guys can do whatever good guys can do:

From: secur...@paypal.com, i...@rbn.ru
Subject: Urgent security alert about your Paypal account!
DKIM-Signature: ... d=rbn.ru



Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
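
The objection in the reply above, as an added example that is not part of the message or of any DMARC implementation: it compares an "any From address aligns" rule with an "every From address aligns" rule. The sample messages, the `.example` domains and the function names are constructed for illustration. Signatures are assumed to have already verified, and alignment is strict (exact domain match).

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed samples (not from the thread); all domains are reserved .example names.
MEDIATOR = ("From: author@bank.example, list@lists.example\n"
            "DKIM-Signature: v=1; a=rsa-sha256; d=lists.example; s=s1; h=from; bh=x; b=x\n\nhi\n")
SPOOF = ("From: security@bank.example, intro@attacker.example\n"
         "DKIM-Signature: v=1; a=rsa-sha256; d=attacker.example; s=s1; h=from; bh=x; b=x\n\nhi\n")
DIRECT = ("From: security@bank.example\n"
          "DKIM-Signature: v=1; a=rsa-sha256; d=bank.example; s=s1; h=from; bh=x; b=x\n\nhi\n")

def from_domains(msg):
    """Domains of every address in the RFC5322.From header, in order."""
    addrs = getaddresses(msg.get_all("From", []))
    return [a.rsplit("@", 1)[1].lower() for _, a in addrs if "@" in a]

def dkim_domains(msg):
    """d= tags of all DKIM-Signature headers (assumed already verified)."""
    found = []
    for sig in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*d\s*=\s*([^;\s]+)", sig)
        if m:
            found.append(m.group(1).lower())
    return found

def evaluate(raw):
    """Compare the two alignment rules using strict (exact-domain) matching."""
    msg = message_from_string(raw)
    signers = set(dkim_domains(msg))
    authors = from_domains(msg)
    unaligned = [d for d in authors if d not in signers]
    return {
        "any_address_rule": bool(authors) and len(unaligned) < len(authors),
        "all_addresses_rule": bool(authors) and not unaligned,
        "unaligned_from_domains": unaligned,
    }

if __name__ == "__main__":
    for name, raw in (("mediator", MEDIATOR), ("spoof", SPOOF), ("direct", DIRECT)):
        print(name, evaluate(raw))
```

Under the any-address rule the mediator and spoof samples get the same verdict, and in both the first-listed domain is the one left unaligned, so a receiver applying that rule cannot tell the two apart from alignment alone.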
