ietf
[Top] [All Lists]

Re: dmarc damage, was gmail users read on... [bozo subtopic]

2014-09-14 09:59:15


On September 14, 2014 10:40:51 AM EDT, Hector Santos 
<hsantos(_at_)isdg(_dot_)net> wrote:

On Sep 13, 2014, at 9:49 AM, "John Levine" <johnl(_at_)taugh(_dot_)com> wrote:

Agreed, but just wanted to add one thing- doesn't the details of the
whether the sender
has to align or not depends on whether SPF or DKIM is used as the
authentication method?

No.  Neither DKIM nor SPF have any connection to either the From: or
Sender: header other than what DMARC is trying to do.

DKIM has a required hash bind to the 5322.From field data -- the only
5322 header signing requirement in DKIM.  It's burned into the now DKIM
now STD level specification.  That's not a DMARC requirement, but one
DMARC relies on having with DKIM.  

Maybe an errata is in order?   

The field is required to be signed. It's not required to have any particular 
value. It's most certainly not required to be related to the signing domain in 
any way (which is what DMARC does).

Scott K

<Prev in Thread] Current Thread [Next in Thread>