It appears that Scott Kitterman <skl...@kitterman.com> said:
>> apply the DMARC check using each of those domains found in the
>> RFC5322 <https://datatracker.ietf.org/doc/html/rfc5322>.From field
>> as the Author Domain and apply the most strict
>> policy selected among the checks that fail.
>>
>> Option 1 above is proposed in DMARCbis as a way to mitigate the risk of a
>> DoS attack by a bad guy inserting a From: header with umpteen domains, each
>> of which would have to be checked.
>
> Thanks. I had lost track of that.
>
> In that case it might be better to impose a limit (two maybe) to check rather
> than toss out the check entirely?
Seems like a quality of implementation issue. Given the volume of mail that flows through servers these days, it seems very implausible that you could cause any new damage by putting a few more domains to test in a From header. DMARC has been around for the better part of a decade so I think we can assume someone will already have tried any useful attack.

As a practical matter, I have seen very few messages with more than one address and I don't think I've ever seen a message with more than two other than as to prove it's possible. So if one decided to toss anything with three addresses into the bin without even doing other checks, I suspect nobody would even notice.

R's,
John

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
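The option under discussion in working form, as an added example that is not from the thread or from any DMARC implementation: it extracts every author domain from the From: field, applies the cap on domains that Scott suggests (here two, with the over-limit case treated as a reject, the "bin" John describes), and otherwise reports the strictest policy among the domains that fail. The DMARC records, the domains and the set of already-authenticated domains are constructed stand-ins for DNS lookups and for an SPF/DKIM stage not shown.

```python
import email.utils
from typing import Optional

# DMARC p= values in increasing strictness.
STRICTNESS = {"none": 0, "quarantine": 1, "reject": 2}

# Constructed stand-in for _dmarc.<domain> TXT lookups (hypothetical domains).
DMARC_RECORDS = {
    "example.com": "v=DMARC1; p=reject; rua=mailto:agg@example.com",
    "example.net": "v=DMARC1; p=quarantine",
    "example.org": "v=DMARC1; p=none",
}

def lookup_policy(domain: str) -> Optional[str]:
    """Return the p= tag of the domain's DMARC record, or None if no record."""
    record = DMARC_RECORDS.get(domain.lower())
    if record is None:
        return None
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags.get("p")

def author_domains(from_header: str) -> list:
    """Domain part of every address in an RFC 5322 From: field value."""
    domains = []
    for _name, addr in email.utils.getaddresses([from_header]):
        if "@" in addr:
            domains.append(addr.rsplit("@", 1)[1].lower())
    return domains

def evaluate(from_header: str, authenticated: set, max_domains: int = 2) -> str:
    """Option 1 from the thread with the domain cap Scott suggests.
    `authenticated`: domains with an aligned SPF/DKIM pass (assumed input).
    Over `max_domains` author domains fails before any lookup, bounding
    the DNS work a crowded From: can force; else strictest failing policy.
    """
    domains = author_domains(from_header)
    if not domains:
        return "permerror"          # unparsable From: cannot be evaluated
    if len(domains) > max_domains:
        return "reject"             # the "toss it in the bin" choice
    worst = None
    for d in domains:
        if d in authenticated:
            continue
        p = lookup_policy(d) or "none"  # no record published: no policy
        if worst is None or STRICTNESS[p] > STRICTNESS[worst]:
            worst = p
    return "pass" if worst is None else worst
```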