On 6/25/20 12:12 PM, John Levine wrote: > Any sensible mail provider will do its usual reputation checks on the > validated identity, whichever header it is, and decide whether to > deliver the message or not. I believe that Dave's point is if you're > going to do that, validating the sender gives you useful flexibility > without a lot of loss of security. I'm not sure what validating the sender (either) accomplishes. > > On the other hand, if you're going to do that, why do you need DMARC > at all? You use the d= in valid DKIM signatures. > +1, although there's also the reporting piece of DMARC, which can be used to alert the domain to authentication breakage and perhaps certain types of abuse.
-Jim
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
