Re: [dmarc-ietf] Sender vs From Addresses

Charles Gregory <> Thu, 25 March 2021 21:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9CC063A09BB for <>; Thu, 25 Mar 2021 14:39:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9ZZlybvcOGsf for <>; Thu, 25 Mar 2021 14:39:12 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A1BC63A09B7 for <>; Thu, 25 Mar 2021 14:39:12 -0700 (PDT)
Received: from (fd07::1:0:0:1:4) by (fd07::1:0:0:1:4) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.792.3; Thu, 25 Mar 2021 17:39:11 -0400
Received: from ([fe80::ad5d:d7f1:b37d:a89f]) by ([fe80::ad5d:d7f1:b37d:a89f%7]) with mapi id 15.02.0792.010; Thu, 25 Mar 2021 17:39:11 -0400
From: Charles Gregory <>
To: John R Levine <>, Gren Elliot <>, "" <>
Thread-Topic: [dmarc-ietf] Sender vs From Addresses
Thread-Index: AQHXIN1IihmmxnZnSJC0xMH2ibjOraqT17oAgAAB3ACAAAKeAIABbRwA///F5JCAAF8KgP//yjsA
Date: Thu, 25 Mar 2021 21:39:11 +0000
Message-ID: <>
References: <> <20210324202058.91E777134D1B@ary.qy> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [dmarc-ietf] Sender vs From Addresses
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 25 Mar 2021 21:39:18 -0000

>> It is a problem when receiving servers use DMARC existence and 
>> pass/fail to increase/decrease deliverability rates. - And when 
>> Yahoo/AOL pretty much block everything you send - even with a 98 
>> sender score, SPF, DKIM, and clean opt-in lists.

>Are they rejecting on DMARC failure because you're publishing p=reject? 

NO p=none

>If so, they're doing exactly what you're asking them to do.  If you don't want them to reject your mail, why are you telling them to do that?

>I realize that getting large organizations to act coherently is close to impossible, but that doesn't mean the rest of the world has to work around their failures.  If it's not important to them to make their DMARC records match their actual practices, it's not important to >anyone else, either.

>> Going back to the beginning, DMARC breaks how SMTP worked.  The Sender 
>> address serves a purpose.  This is the address bounces should return to.
>> DMARC took a steamroller to the Sender address and it didn't have to.

>Yes, we all know DMARC's problems.  I complained as loudly as anyone when AOL and Yahoo abused it to push the costs of their security failures onto everyone else.

>But the people who designed it knew a lot about the way that mail works, they they did what they did.  Prior attempts to key on sender were a complete failure.  I hope you have read RFC 4407.  You don't have to like the way that DMARC ignores Sender, but it's not an >accident, and telling people they are stupid is not going to change any minds.

I don't remember saying anything like that John.  I doubt anyone in this thread has a low IQ.  In fact, I am very thankful for this discussion and everyone who is taking part.  I am learning things from each of you outside of my general scope of operation.

I DO think this is an unnecessary problem that CAN be fixed/improved in one of two fairly straightforward manners through DNS (behavior switch or list authorized alternate domains).  And I can't see anything but upside in doing so; nobody has demonstrated a downside anyways.  Yet I have no idea how such decisions are made or the part that anyone plays here.  I will review RFC 4407.  Thanks.

>John Levine,, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail.


Charles Gregory