[dmarc-discuss] please clarify

Roland Turner roland.turner at trustsphere.com
Tue Apr 5 03:55:29 PDT 2016


Andreas Schulze wrote:

> Roland Turner via dmarc-discuss:
>
>> Yes. In all of the cases above, the Organizational Domain for both
>> RFC5322.From and the DKIM/SPF authentication is example.com,
>> consequently they match in relaxed mode. The same would be true for:
>>
>> - RFC5322.From: a.example.com
>> - DKIM or SPF authentication identifier: b.example.com
>>
>> Consideration 10.4 is exactly about what happens when independent
>> and/or potentially hostile parties have control of sub-domains.
>
> Thanks. That was new to me.
> Why was DMARC defined in that way?

That question has rather a large answer, parts of which span a decade of work on email authentication. It might perhaps be simpler to address the situation that's concerning you. Are you facing a specific situation for which this creates a problem?

- Roland
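The relaxed-mode matching described in the quoted text, as an added example that is not part of the original message: it compares Organizational Domains for relaxed alignment and exact names for strict alignment. The function names, the `mode` parameter, and the tiny suffix set are assumptions made for illustration; a real evaluator loads the full Public Suffix List.

```python
# Added illustration; not code from the thread or from any DMARC implementation.
# Constructed stand-in for the Public Suffix List (assumption: real checks use the full list).
PUBLIC_SUFFIXES = {"com", "org", "uk", "co.uk"}


def organizational_domain(domain):
    """Return the longest matching public suffix plus one label, or None.

    Simplified: no wildcard or exception rules, and a bare public suffix
    or an unknown suffix yields None.
    """
    labels = domain.lower().rstrip(".").split(".")
    # Scanning from the left tries the longest candidate suffix first.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None  # the name is itself a public suffix
            return ".".join(labels[i - 1:])
    return None


def aligned(from_domain, auth_domain, mode="r"):
    """Check identifier alignment between RFC5322.From and a DKIM/SPF domain.

    mode "r" (relaxed): Organizational Domains must be equal.
    mode "s" (strict):  the full domain names must be equal.
    """
    f = from_domain.lower().rstrip(".")
    a = auth_domain.lower().rstrip(".")
    if mode == "s":
        return f == a
    org_f = organizational_domain(f)
    return org_f is not None and org_f == organizational_domain(a)


def thread_case():
    """The a.example.com / b.example.com pair from the quoted text."""
    return {
        "relaxed": aligned("a.example.com", "b.example.com", "r"),
        "strict": aligned("a.example.com", "b.example.com", "s"),
    }


if __name__ == "__main__":
    # Sibling sub-domains align in relaxed mode only.
    print(thread_case())
```

Strict mode corresponds to the `adkim=s` and `aspf=s` tags in a DMARC record, which is the setting to consider when sub-domains are delegated to independent parties.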


