0

Most of email clients shows "on behalf", "via" suffixes next to "From" email address if its domain differs from domains of Email Authentications ("Return-Path" email's domain for SPF, "d=" key value for DKIM, for instance). This raises questions:

  • What are the rules which should be applied to domain comparison? Top-level domain comparison?
  • Is there a standard for this kind of domain comparison?
  • Is it up to a particular email client to decide how to compare domains?

Gmail allows to use subdomain (for instance, foo.exmaple.com) in Email Authentication and to have top-level domain (example.com) or even another subdomain (bar.example.com) in "From" field without "Via" information. Do other client behave same way?

origaminal
  • 101
  • 2

1 Answers1

0

totally up to the the client, via or on behalf is used when the mail from and from header do not match...equally up to them to respect spf rejection, dkim rejection, and dmarc quarantine or reject .

Related RFCs simply recommend handling of the email, since many ..most email admins, either ignorant or otherwise, do not care if their email is abused for spam until it inhibits their business.

Google does a good job at adding some end user indication of unverified sender addresses, Outlook does not (by default) personally I categorized email by level of authentication source and tls encryption.

Jacob Evans
  • 7,636
  • 3
  • 25
  • 55