[dmarc-discuss] please clarify
roland.turner at trustsphere.com
Tue Apr 5 03:55:29 PDT 2016
Andreas Schulze wrote:
> Roland Turner via dmarc-discuss:
>> Yes. In all of the cases above, the Organizational Domain for both
>> RFC5322.From and the DKIM/SPF authentication is example.com,
>> consequently they match in relaxed mode. The same would be true for:
>> - RFC5322.From: a.example.com
>> - DKIM or SPF authentication identifier: b.example.com
>> Consideration 10.4 is exactly about what happens when independent
>> and/or potentially hostile parties have control of sub-domains.
> Thanks. That was new to me.
> Why was DMARC defined in that way?
That question has rather a large answer, parts of which span a decade of work on email authentication. It might perhaps be simpler to address the situation that's concerning you. Are you facing a specific situation for which this creates a problem?
More information about the dmarc-discuss