On Saturday, 10 October 2020 1:59:33 PM AEDT Demi M. Obenour wrote: > On 10/9/20 9:48 PM, Viktor Dukhovni wrote: > >> What are the semantics of a From: header with multiple addresses? > > > > The message purports to be the work of multiple authors. Such a message > > is required to have a "Sender" header, but in most cases that constraint > > is unlikely to be enforced. > > I love DKIM, but it should have been on the Sender header and not > the From header. However, for that to work, MUAs would have had to > display something like "f...@example.com claims that this message > is from f...@example.com and b...@example.com", and they do not. > That lead to the current design. With multiple authors in the From field you could sign with DKIM headers which align with each of the authors' sending domains and it would align for the purposes of DMARC, however the RFCs for DMARC punt on this situation and leave it up to the policy at the receiving MTA, which probably doesn't account for it given the rarity of such messages in the wild.
> > Demi
