Re: [dmarc-ietf] Sender vs From Addresses

Dotzero <> Fri, 26 March 2021 03:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CA2E33A0B60 for <>; Thu, 25 Mar 2021 20:39:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Bmn-uG3JSjQB for <>; Thu, 25 Mar 2021 20:39:26 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::f33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2291D3A0B59 for <>; Thu, 25 Mar 2021 20:39:26 -0700 (PDT)
Received: by with SMTP id x27so2328858qvd.2 for <>; Thu, 25 Mar 2021 20:39:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1FqHWMx6RLRBmFELD2ag9Qvt+M2Vofdfi5cj4qwJMns=; b=qcS0AJT/Hd1qd/O0U/7+DY/ns3yM6e6/X+2c9vzl2AoU8soJoIzApu3PA5Lv6PdY+E 8KyMyuQCm1jD0xltzkfNv7AwtQlrfVN+8yJCfM2cvoVMe8uamUSaUUVXSzlFRgJSLuxT QcGIWn2pz5/7PxkofxaoxZAMSqXK/+6XkAPNIXn6Q9BVwesxFpS2tj/ux1S14XJZfHaO vMTEyLq/ldnObnT7rHG/otnOgq8Bmz6osJRBY+0szYxDHZ959QM6ZHUWKXRYUtFDAVDm ryd9GRmGaVXJpRBlTnitsj5aX47/hcyPVpEECfkEbdA0N24EaISi5EMjcBaOg8/m4gME pSJw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1FqHWMx6RLRBmFELD2ag9Qvt+M2Vofdfi5cj4qwJMns=; b=D8oKG3+l5vn1LXB4tiR3vvBAee8DmjzBmK7JeMapJ6SQDnlHad2w4a4cSLIK7Lgo8/ cZ3wrjfHsULWKNPMyhkUeBuJXmrW6Njp7HcLHCa+1XojmJ/pCJ8c97GLNXH/m7TCTxvQ BmlCisiToN7iQiLLDtCtXnbyiqG9DKzZxpZV3oHubJSKIxZ3EVd/0v8l7jN6PusulC63 jLMM6DjveKOmRbLVuvfSgGJwzdwjiiaRnu9jlNkM2L9DiJ2KHzsQnyXlQNw6fuSFpx/i 5sv5H7zF9H4LfrU6paNG/fSY9TkE5/eHJeniLMT7P3VGWFMPp6nJMG1i8EfHDSnF8wIQ zMVg==
X-Gm-Message-State: AOAM531fTKLHNQ8IslmnTwlNdcM8GMbFtrgSsLDHdMVvFyXZFdxnXo7g h44HKr2EVUiR3TFyYWrAnjZq921UK4Pb1WE9Nw2UYZsv8Z0=
X-Google-Smtp-Source: ABdhPJzRm91BWkh1xPLpNkJjNhVuEUET8oJzyMB8f3qqPOOPJNdsTW8kymc2LpsIcMtU7WtZw/dC3oFOdHBC7i93gDw=
X-Received: by 2002:ad4:5144:: with SMTP id g4mr11785024qvq.26.1616729963636; Thu, 25 Mar 2021 20:39:23 -0700 (PDT)
MIME-Version: 1.0
References: <> <20210324202058.91E777134D1B@ary.qy> <> <> <> <> <> <> <>
In-Reply-To: <>
From: Dotzero <>
Date: Thu, 25 Mar 2021 23:39:13 -0400
Message-ID: <>
To: John R Levine <>
Cc: Charles Gregory <>, Gren Elliot <>, "" <>
Content-Type: multipart/alternative; boundary="0000000000002e2afd05be6847ed"
Archived-At: <>
Subject: Re: [dmarc-ietf] Sender vs From Addresses
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 26 Mar 2021 03:39:31 -0000

On Thu, Mar 25, 2021 at 5:53 PM John R Levine <> wrote:

> >>> It is a problem when receiving servers use DMARC existence and
> >>> pass/fail to increase/decrease deliverability rates. - And when
> >>> Yahoo/AOL pretty much block everything you send - even with a 98
> >>> sender score, SPF, DKIM, and clean opt-in lists.
> >
> >> Are they rejecting on DMARC failure because you're publishing p=reject?
> >
> > NO p=none
> I know people at Yahoo, and their filtering is largely based on complaint
> statistics.  If they're blocking your mail, the recipients are marking a
> lot of it as junk.  What do you see in the feedback reports?
> > I DO think this is an unnecessary problem that CAN be fixed/improved in
> > one of two fairly straightforward manners through DNS (behavior switch
> > or list authorized alternate domains).  And I can't see anything but
> > upside in doing so; nobody has demonstrated a downside anyways.
> It's real simple. Delegate a subdomain or provide a signing key to a 3rd
> party. In my previous incarnation we managed 6,000+ domains and both
> Ironport and Message Systems allowed us to DKIM sign on the fly for any of
> the our own domains at our border MTAs. Earlier on we were able to do the
> same with a little more effort with well known open source mail servers. If
> service providers aren't willing or able to work with either delegated
> subdomains or delegated DKIM keys, shame on them. That is a business
> problem on their part, not an interoperability problem. I am slightly more
> sympathetic in the case of mailing lists which is a different problem space.
> I explained the downside to Sender a few messages back: it lets people put
> any address they want in the From line so it becomes just a filter on the
> reputation of the DKIM or SPF domain.  If that were adequate, they
> wouldn't have invented DMARC.

This was the problem with  *Sender ID* and PRA. Back in the day I used to
taunt the folks at Microsoft (Craig and Harry) by sending them email with
their own From address by leveraging the Sender address and PRA to
game a  *Sender
ID* neutral. It frustrated the hell out of them. As has been pointed out
many times, there is no way of determining if Sender domain has any
relationship to From domain unless it is in the same administrative domain.

> I agree that there is no particular downside to something like ATPS, but
> the fact that we've had ATPS for a decade and nobody has implemented it
> tells me that this is not a problem that the industry thinks is worth
> solving.
> +1

Michael Hammer