On Fri, Oct 09, 2020 at 10:59:33PM -0400, Demi M. Obenour wrote:
> I love DKIM, but it should have been on the Sender header and not
> the From header. However, for that to work, MUAs would have had to
> display something like "f...@example.com claims that this message
> is from f...@example.com and b...@example.com", and they do not.
Actually, Outlook does exactly that, and other MUAs would have come on
board if there was good cause to do that. At this point however, nobody
is investing much many in MUA development. All the $$$ are going into
walled-garden cloud webmail systems. :-(
> That lead to the current design.
You're perhaps confusing DKIM with DMARC. DKIM just signs the message
content and whatever headers it is configured to sign. It is mere
integrity protection, not policy. The signing domain is determined from
the selector and the "d" field in the DKIM header, and is not tied to
either From or Sender.
DKIM is fine. The actual breakage is in DMARC.
--
Viktor.
