Re: [dmarc-ietf] non-mailing list use case for differing header domains

[Todd Herr <todd.herr@valimail.com>]

On Tue, Jul 28, 2020 at 1:37 PM John Levine <johnl@taugh.com> wrote:

> In article <
> BY5PR13MB29998094418C8A6C25902569D7730@BY5PR13MB2999.namprd13.prod.outlook.com>
> you write:
> >To put it another way:
> >
> >  *   assistant@firstbrand.com is organizing a meeting for
> executive@secondbrand.com
> >  *   assistant@firstbrand.com sends out a calendar invite from their
> own messaging client, using
> >executive@secondbrand.com in the From: field
> >  *   The resulting message uses executive@secondbrand.com in the
> friendly From: field, but firstbrand.com in the
> >SMTP MAIL FROM domain, so the headers are no longer aligned for SPF.
> >  *   Both firstbrand.com and secondbrand.com are set to DMARC p=reject.
> >  *   Messages like this are then rejected by receivers that validate
> DMARC results.
>
> This sounds like an excellent use case for Dave's
> draft-crocker-dmarc-sender proposal.
>
> The canonical example of different From and Sender is exactly this:
> Sender is an assistant working for and sending mail for From.
>
>
>
This is also precisely the situation I asked about during the session on
Dave's sender proposal.

Using the Sender header and the "snd" bits in the DMARC policy for
firstbrand.com, DMARC would pass for the Sender domain and fail for the
>From domain.

Which verdict gets applied to the message?

-- 

*Todd Herr* | Sr. Technical Program Manager
*e:* todd.herr@valimail.com
*p:* 703.220.4153


This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified of any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.