On September 14, 2014 10:40:51 AM EDT, Hector Santos <hsantos@xxxxxxxx> wrote: > >On Sep 13, 2014, at 9:49 AM, "John Levine" <johnl@xxxxxxxxx> wrote: > >>> Agreed, but just wanted to add one thing- doesn't the details of the >whether the sender >>> has to align or not depends on whether SPF or DKIM is used as the >authentication method? >> >> No. Neither DKIM nor SPF have any connection to either the From: or >> Sender: header other than what DMARC is trying to do. > >DKIM has a required hash bind to the 5322.From field data -- the only >5322 header signing requirement in DKIM. It's burned into the now DKIM >now STD level specification. That's not a DMARC requirement, but one >DMARC relies on having with DKIM. > >Maybe an errata is in order? The field is required to be signed. It's not required to have any particular value. It's most certainly not required to be related to the signing domain in any way (which is what DMARC does). Scott K