[prev in list] [next in list] [prev in thread] [next in thread] 

List:       courier-users
Subject:    Re: [courier-users] Courier MLM From Rewrite
From:       Alessandro Vesely <vesely () tana ! it>
Date:       2014-05-30 9:17:09
Message-ID: 53884C95.3010801 () tana ! it
[Download RAW message or body]

On Fri 30/May/2014 00:46:18 +0200 Sam Varshavchik wrote:
> Lindsay Haisley writes:
>> 
>> The "author" and the "sender" of a message are distinct
>> entities, and it seems that they often get confused in
>> discussions of DMARC. 2822 (3.6.2): [...]
> 
> But as far as sender validation goes, MAIL FROM: is what gets
> looked at.

That is SPF validation.  On top of that, DMARC wants the validated
identity (SPF or DKIM) to be aligned with the From: domain.  Aligned
domains comparison usually means having the same administrative
(i.e. registered) domain.  Comparison has to be implemented using a
public suffix list, for the time being.  An "aspf=s" tag in the
_dmarc record can turn it into strict comparison.  Ditto for "adkim".

The Sender: header field is not considered:
http://tools.ietf.org/html/draft-kucherawy-dmarc-base-04#appendix-A.3

>> Using the authorship information in a message to determine
>> origin is a misinterpretation of the From header, which bends
>> RFC 2822 even if it doesn't break it outright.

Rather than (mis)interpret From:, DMARC wants it to be
authenticated, because it's so visible.  Not all agents display
"$Sender on behalf of $Author".

Ale
-- 
































------------------------------------------------------------------------------
Time is money. Stop wasting it! Get your web API in 5 minutes.
www.restlet.com/download
http://p.sf.net/sfu/restlet
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[prev in list] [next in list] [prev in thread] [next in thread]