On Tue, Jul 28, 2020 at 1:37 PM John Levine <jo...@taugh.com> wrote:

> In article <by5pr13mb29998094418c8a6c25902569d7...@by5pr13mb2999.namprd13.prod.outlook.com> you write:
> >To put it another way:
> >
> >  * assist...@firstbrand.com is organizing a meeting for execut...@secondbrand.com
> >  * assist...@firstbrand.com sends out a calendar invite from their own messaging client, using execut...@secondbrand.com in the From: field
> >  * The resulting message uses execut...@secondbrand.com in the friendly From: field, but firstbrand.com in the SMTP MAIL FROM domain, so the headers are no longer aligned for SPF.
> >  * Both firstbrand.com and secondbrand.com are set to DMARC p=reject.
> >  * Messages like this are then rejected by receivers that validate DMARC results.
>
> This sounds like an excellent use case for Dave's draft-crocker-dmarc-sender proposal.
>
> The canonical example of different From and Sender is exactly this: Sender is an assistant working for and sending mail for From.

This is also precisely the situation I asked about during the session on Dave's sender proposal.

Using the Sender header and the "snd" bits in the DMARC policy for firstbrand.com, DMARC would pass for the Sender domain and fail for the From domain. Which verdict gets applied to the message?

--
*Todd Herr* | Sr. Technical Program Manager
*e:* todd.h...@valimail.com
*p:* 703.220.4153
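The alignment outcome discussed in the thread, as an added example that is not part of the original messages or of draft-crocker-dmarc-sender: it computes SPF identifier alignment separately for the From: and Sender: domains of a constructed message and does not decide which result a receiver should apply. The local parts, the `org_domain` shortcut (last two labels instead of a Public Suffix List lookup) and all function names are assumptions, and only the SPF path is modeled, not DKIM.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed message for the calendar-invite scenario; local parts are made up.
RAW = """\
From: Executive <exec@secondbrand.com>
Sender: Assistant <asst@firstbrand.com>
Subject: Meeting invite

body
"""
MAIL_FROM = "asst@firstbrand.com"  # constructed SMTP envelope sender


def domain_of(addr):
    """Return the lowercased domain of an address or header value."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # A real DMARC evaluator derives it from the Public Suffix List.
    return ".".join(domain.split(".")[-2:])


def aligned(header_domain, auth_domain, strict=False):
    """Strict mode needs an exact match; relaxed mode compares org domains."""
    if strict:
        return header_domain == auth_domain
    return org_domain(header_domain) == org_domain(auth_domain)


def evaluate(raw, mail_from, spf_pass=True, strict=False):
    """Per-header result: True/False for aligned SPF, None if header absent."""
    msg = message_from_string(raw)
    spf_domain = domain_of(mail_from)
    result = {}
    for header in ("From", "Sender"):
        value = msg.get(header)
        if value is None:
            result[header] = None
        else:
            result[header] = spf_pass and aligned(
                domain_of(value), spf_domain, strict)
    return result


if __name__ == "__main__":
    print(evaluate(RAW, MAIL_FROM))
```
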