Re: [dmarc-ietf] Sender vs From Addresses

John R Levine <> Thu, 25 March 2021 20:36 UTC

Date: 25 Mar 2021 16:35:57 -0400
From: "John R Levine" <>
To: "Charles Gregory" <>, "Gren Elliot" <>, "" <>
Subject: Re: [dmarc-ietf] Sender vs From Addresses

> It is a problem when receiving servers use DMARC existence and pass/fail 
> to increase/decrease deliverability rates. - And when Yahoo/AOL pretty 
> much block everything you send - even with a 98 sender score, SPF, DKIM, 
> and clean opt-in lists.

Are they rejecting on DMARC failure because you're publishing p=reject? 
If so, they're doing exactly what you're asking them to do.  If you don't 
want them to reject your mail, why are you telling them to do that?

I realize that getting large organizations to act coherently is close to 
impossible, but that doesn't mean the rest of the world has to work around 
their failures.  If it's not important to them to make their DMARC records 
match their actual practices, it's not important to anyone else, either.

> Going back to the beginning, DMARC breaks how SMTP worked.  The Sender 
> address serves a purpose.  This is the address bounces should return to. 
> DMARC took a steamroller to the Sender address and it didn't have to.

Yes, we all know DMARC's problems.  I complained as loudly as anyone when 
AOL and Yahoo abused it to push the costs of their security failures onto 
everyone else.

But the people who designed it knew a lot about the way that mail works, 
and they did what they did.  Prior attempts to key on sender were a 
complete failure.  I hope you have read RFC 4407.  You don't have to like 
the way that DMARC ignores Sender, but it's not an accident, and telling 
people they are stupid is not going to change any minds.

John Levine, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.