On Thu, Dec 9, 2021 at 3:27 AM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote:
> I have trouble with this statement in section 5.7.1: > > "Multi-valued RFC5322.From header fields with multiple domains MUST be > exempt from DMARC checking." > > This language will serve as an invite for spammers to create multiple-from > messages to ensure that they will evade DMARC. > As Todd points out, the best an attacker can hope for in this situation is to earn a DMARC "none". It can't get them a "pass". I can see "exempt" as indicating to some readers a bypass of some kind, however. Underscoring the distinction between "none" and "pass" might be useful. -MSK
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc