Re: [dmarc-ietf] Sender vs From Addresses
Charles Gregory <Charles@possumdelight.com> Wed, 24 March 2021 22:25 UTC
Return-Path: <Charles@possumdelight.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 236EE3A0E54 for <dmarc@ietfa.amsl.com>; Wed, 24 Mar 2021 15:25:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kdj-dA8ySPXF for <dmarc@ietfa.amsl.com>; Wed, 24 Mar 2021 15:25:12 -0700 (PDT)
Received: from mail.possumdelight.com (mail.possumdelight.com [107.130.215.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0B4273A0E61 for <dmarc@ietf.org>; Wed, 24 Mar 2021 15:25:12 -0700 (PDT)
Received: from EX.possumdelight.com (fd07::1:0:0:1:4) by EX.possumdelight.com (fd07::1:0:0:1:4) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.792.3; Wed, 24 Mar 2021 18:25:09 -0400
Received: from EX.possumdelight.com ([fe80::ad5d:d7f1:b37d:a89f]) by EX.possumdelight.com ([fe80::ad5d:d7f1:b37d:a89f%7]) with mapi id 15.02.0792.010; Wed, 24 Mar 2021 18:25:09 -0400
From: Charles Gregory <Charles@possumdelight.com>
To: John Levine <johnl@taugh.com>, "dmarc@ietf.org" <dmarc@ietf.org>
CC: "gelliot@mimecast.com" <gelliot@mimecast.com>
Thread-Topic: [dmarc-ietf] Sender vs From Addresses
Thread-Index: AQHXIPx0ihmmxnZnSJC0xMH2ibjOrQ==
Date: Wed, 24 Mar 2021 22:25:09 +0000
Message-ID: <5e8acd0c67c9491e832c218b16530094@possumdelight.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: multipart/alternative; boundary="_000_5e8acd0c67c9491e832c218b16530094possumdelightcom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/WTxpPK3A0QvhwxkRwbK1JfvEJn0>
Subject: Re: [dmarc-ietf] Sender vs From Addresses
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Mar 2021 22:25:20 -0000
"I talk to people at large mail providers a lot, and I do not recall this partiticular situation coming up as a problem, ever. Do you have concrete experience to the contrary?" I am your concrete example. The users of the custom mail platform I administer are a division within a multinational firm. They are assigned an email addresses based on their global domain name and use Office 365. While completely sanctioned, our division's marketing platform doesn't have access to the corporate mothership's email infrastructure. The red tape would be prohibitive. We send our emails from a domain registered for the division on behalf of the sending user's corporate email address. We collect the bounces at the division's return path address which is always the same. The bounces are automatically marked and cleaned up in our marketing database. "The problem with keying DMARC to the sender is that if you believe that people look at the From header, it turns DMARC into filtering based on the reputation of the DKIM or SPF identity. Mail providers already knew how to do that before DMARC existed." Has anyone considered an option to add "affiliated domains" to a DNS entry? That way at least you could specify legitimate alternate/authorized domains that could still pass DMARC. "other than desktop Outlook, MUAs do not show the sender at all. Gmail and web Outlook don't." I wish they would. Charles Gregory Sent from my T-Mobile 4G LTE Device -------- Original message -------- From: John Levine <johnl@taugh.com> Date: 3/24/21 4:21 PM (GMT-05:00) To: dmarc@ietf.org Cc: gelliot@mimecast.com Subject: Re: [dmarc-ietf] Sender vs From Addresses It appears that Gren Elliot <gelliot@mimecast.com> said: >For better or worse, there is long established practice in the Calendaring community when implementing iMIP (rfc6047) when an >assistant is working on behalf of a manager for the manager’s email address to populate the “From:” header and the >assistant’s email address to populate the “Sender:” header. Mailing software seems to go to lengths to follow this >convention even when it doesn’t do so for other email messages “sent on behalf of”. I assume this means that things will >break somewhere if this convention isn’t followed for at least some peoples calendaring software. > >So, it looks like at the moment people will need to make a choice between enforcing DMARC and having calendaring software continue >to function. DMARC only looks at the domain part of the From header. How often do the manager and assistant have e-mail addresses that are not in the same domain? >Surely it is possible to offer different levels of DMARC enforcement where there is a level that forces using the “From:” >header and a newer level which follows the existing email standards for validating who the author is – i.e. use “Sender:” if >present, else use “From:”? I talk to people at large mail providers a lot, and I do not recall this partiticular situation coming up as a problem, ever. Do you have concrete experience to the contrary? The problem with keying DMARC to the sender is that if you believe that people look at the From header, it turns DMARC into filtering based on the reputation of the DKIM or SPF identity. Mail providers already knew how to do that before DMARC existed. Noting what Dave said, I'm not sure how closely people look at the From header, but I do know that other than desktop Outlook, MUAs do not show the sender at all. Gmail and web Outlook don't. R's, John _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
- [dmarc-ietf] Sender vs From Addresses Charles Gregory
- Re: [dmarc-ietf] Sender vs From Addresses Ken O'Driscoll
- Re: [dmarc-ietf] Sender vs From Addresses Dave Crocker
- Re: [dmarc-ietf] Sender vs From Addresses Hector Santos
- Re: [dmarc-ietf] Sender vs From Addresses Dave Crocker
- Re: [dmarc-ietf] Sender vs From Addresses Hector Santos
- Re: [dmarc-ietf] Sender vs From Addresses Charles Gregory
- Re: [dmarc-ietf] Sender vs From Addresses Gren Elliot
- Re: [dmarc-ietf] Sender vs From Addresses John Levine
- Re: [dmarc-ietf] Sender vs From Addresses Kurt Andersen (b)
- Re: [dmarc-ietf] Sender vs From Addresses Gren Elliot
- Re: [dmarc-ietf] Sender vs From Addresses Kurt Andersen (b)
- Re: [dmarc-ietf] Sender vs From Addresses Charles Gregory
- Re: [dmarc-ietf] Sender vs From Addresses Douglas Foster
- Re: [dmarc-ietf] Sender vs From Addresses John R Levine
- Re: [dmarc-ietf] Sender vs From Addresses Charles Gregory
- Re: [dmarc-ietf] Sender vs From Addresses John R Levine
- Re: [dmarc-ietf] Sender vs From Addresses Charles Gregory
- Re: [dmarc-ietf] Sender vs From Addresses John R Levine
- Re: [dmarc-ietf] Sender vs From Addresses Charles Gregory
- Re: [dmarc-ietf] Sender vs From Addresses Hector Santos
- Re: [dmarc-ietf] Sender vs From Addresses Dotzero
- Re: [dmarc-ietf] Sender vs From Addresses Alessandro Vesely
- Re: [dmarc-ietf] Sender vs From Addresses Jim Fenton
- Re: [dmarc-ietf] Sender vs From Addresses John R Levine
- Re: [dmarc-ietf] Sender vs From Addresses Murray S. Kucherawy