On 13-12-21 18:52, Franck Martin via mailop wrote:
I checked it way back, and nearly all the cases were due to configuration errors on the sender part. It is not a feature that is actively used in the wild. I don’t know of any email client that allows you to do that. So someone needs to craft a specific message and inject it. Now, when DMARC was brought in, having 2 different domains in the RFC 5322 from: does not allow DMARC to function. Technically, DMARC can work if all the domains in the RFC5322 from are the same, but I guess it is just easier to reject such message as the impact is close to zero and often multiple From is just a strong signal of badness/spam.
I agree with Franck.
Multiple addresses in the From: is extremely rare. At XS4ALL, we've been
rejecting such messages since we implemented DMARC in 2012. The only rejects I
ever saw were from misconfigured senders. We received zero complaints in the 9
years we've been doing this.
Or rather, now that I look at the code... we reject messages with multiple
addresses in the From: provided they are from different domains. Note that we
always reject, even if none of the domains have dmarc records. But, again, I
haven't seen it happen.
--
Jan-Pieter Cornet<joh...@xs4all.nl>
"Any sufficiently advanced incompetence is indistinguishable from malice."
- Grey's Law
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
