Re: [dmarc-ietf] Sender vs From Addresses

Alessandro Vesely <vesely@tana.it> Fri, 26 March 2021 18:05 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6EEE3A248D for <dmarc@ietfa.amsl.com>; Fri, 26 Mar 2021 11:05:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W3bR0ghr50GT for <dmarc@ietfa.amsl.com>; Fri, 26 Mar 2021 11:05:03 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 779F73A248C for <dmarc@ietf.org>; Fri, 26 Mar 2021 11:05:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1616781899; bh=CkZ2WaW/3NLWd3wUEqMMH5WNnqoNzgxByZDCxXuQwJ4=; l=759; h=To:References:From:Date:In-Reply-To; b=A3kho5XxGcPRGKMO43jPcfSsS3h9WB7+wte1Bt+WHO4uzoSTEIf6hobBMGKe8p6sO 2mGDodd8dg/2vgSrSP5JXVw/9fOLcjXoYGhcXsVDJJsBYJ9N9ze9VD+OQmxIFHZxBs Bg6zGjJP2EyyYXEYFyaVxI8a8y+acmhdgwjchBjz4XeA+LIUWnLhnmDtmwxLe
Authentication-Results: tana.it; auth=pass (details omitted)
Original-From: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC056.00000000605E224B.00007D6A; Fri, 26 Mar 2021 19:04:59 +0100
To: Charles Gregory <Charles@possumdelight.com>, "dmarc@ietf.org" <dmarc@ietf.org>
References: <F1E2D8D7-9978-4C4B-9FD7-AB6428D12789@contoso.com> <20210324202058.91E777134D1B@ary.qy> <CABuGu1ovwwwwZALDOed74nBu1gOHcom8W+UDKC2GdWiEE_7yKw@mail.gmail.com> <4677E791-B028-4CAC-9752-0F4D8F1B0103@mimecast.com> <2ea2767-4940-77d1-e09e-a0ab215f9c9e@taugh.com> <07b0c7962b3e455bb341972e7fc4ca70@possumdelight.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <2e14b75d-62b4-0110-6ff1-10c7c48b5124@tana.it>
Date: Fri, 26 Mar 2021 19:04:58 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0
MIME-Version: 1.0
In-Reply-To: <07b0c7962b3e455bb341972e7fc4ca70@possumdelight.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/jJoO5wuFC4U7bqEPdtAucsTdfIs>
Subject: Re: [dmarc-ietf] Sender vs From Addresses
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Mar 2021 18:05:09 -0000

On Thu 25/Mar/2021 20:31:35 +0100 Charles Gregory wrote:
> 
> Consider how this SHOULD work with email service providers to a small
> business.  Emails should appear FROM CompanyA while the SENDER appears FROM
> MailChimp.  These are legitimately separate concerns.  Bounces go back to
> MailChimp for processing.  The receiver sees CompanyA in the from field.

Do they trust MailChimp?  If they do, let MailChimp create a DKIM key and sign 
the messages they send on behalf of CompanyA as:

    DKIM-Signature: v=1; d=CompanyA; s=MailChimp; ...

To publish the public key that MailChimp will hand out as said selector is 
CompanyA's act of faith.  Indeed, the effect is not much different than 
authorizing specific domains through DNS.


Best
Ale
--