[dmarc-discuss] Mailinglists: Sender-Header

Benjamin BILLON bbillon-ml at splio.fr
Thu Jun 12 09:51:58 PDT 2014


>From a very pragmatical point of view, the From header is the one the
recipient sees first ; the additional "via" or "sent on behalf of" could be
anything that the recipient might not know or understand, therefore making
the whole point of DMARC useless.

Now, if I recall properly, the Sender header was imagined so secretaries
could send emails "on behalf of" a director (at least that's the examples
in the RFC), and what ESPs conveniently did with the Sender header was
probably not in mind of the RFC authors.

That's the best explanations I could give, there might be others ...

Cheers,
--
Benjamin


2014-06-12 16:05 GMT+02:00 Patrick Rauscher via dmarc-discuss <
dmarc-discuss at dmarc.org>:

> Hello,
>
> unfortunatly I could not grab all archives, but I could not find the
> answer to my question in the FAQ, so maybe you can help me.
> The main problem of DMARC in combination with mailinglists are the
> From-Header, right?
> If we leave it with the original value we cannot change any part of the
> Mail due to DKIM. If we change it, we get problems with replys.
>
> So how about either using good old Sender-Header in DMARC/DKIM for
> Domain-Verification or add a new Header containing the original
> From-Header and overwriting the From-Header.
>
> In both cases the Sender-Header / new From-Header would have to be set
> by the LIST-software to an local address (like the address of the list).
> DKIM/DMARC-Checks would work on this address and let mails pass.
>
> I'd prefer setting the Sender-Header, since this
> a) has no need for a new Header and
> b) makes more sense: DKIM/DMARC shall check if the mail originates from
>    where it claims to come from. This is stored in the Sender-Header (if
>    present).
>
> The con to this approach is, that anybody could then spoof the
> From-Headers. But I think it's the MUAs job to show who has sent the
> mail. Maybe this could be an additional check in Spamcheckers or so.
>
> To return to my question: Why does DKIM/DMARC use the From-Header, if
> Sender-Header is present?
>
> Thank you,
> prauscher
>
> _______________________________________________
> dmarc-discuss mailing list
> dmarc-discuss at dmarc.org
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
> NOTE: Participating in this list means you agree to the DMARC Note Well
> terms (http://www.dmarc.org/note_well.html)
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://dmarc.org/pipermail/dmarc-discuss/attachments/20140612/ac91e54b/attachment.html>


More information about the dmarc-discuss mailing list