[dmarc-discuss] please clarify

Roland Turner roland.turner at trustsphere.com
Tue Apr 5 00:39:32 PDT 2016

A. Schulze wrote:

> I have a question about DMARC alignments.
> the usual case:
>  - RFC5322.From: sub.example.com
>  - DKIM or SPF authentication identifier: example.com
> -> this is aligned in relax mode.
> But:
>  - RFC5322.From: example.com
>  - DKIM or SPF authentication identifier: sub.example.com
> Is this a relax alignment?
> At least https://tools.ietf.org/html/rfc7489#section-10.4 suggest it is.

Yes. In all of the cases above, the Organizational Domain for both RFC5322.From and the DKIM/SPF authentication is example.com, consequently they match in relaxed mode. The same would be true for:

- RFC5322.From: a.example.com
- DKIM or SPF authentication identifier: b.example.com

Consideration 10.4 is exactly about what happens when independent and/or potentially hostile parties have control of sub-domains.

- Roland

More information about the dmarc-discuss mailing list