[dmarc-discuss] please clarify

Roland Turner roland.turner at trustsphere.com
Tue Apr 5 04:01:06 PDT 2016

Andreas Schulze wrote:

> Roland Turner via dmarc-discuss:
>> Yes. In all of the cases above, the Organizational Domain for both
>> RFC5322.From and the DKIM/SPF authentication is example.com,
>> consequently they match in relaxed mode. The same would be true for:
>> - RFC5322.From: a.example.com
>> - DKIM or SPF authentication identifier: b.example.com
>> Consideration 10.4 is exactly about what happens when independent
>> and/or potentially hostile parties have control of sub-domains.
> Thanks. That was new to me.
> Why was DMARC defined in that way?

That question has rather a large answer, parts of which span a decade of work on email authentication. It might perhaps be simpler to address the situation that's concerning you. Are you facing a specific situation for which this creates a problem?

- Roland

More information about the dmarc-discuss mailing list