On Thu, 15 Nov 2018, Michael Casadevall wrote:
> The short version here is that the From: and To: fields are specifically set by the user, and are used in SMTP specifically as the MAIL FROM and RCPT TO commands.
No, you're confusing the message body, which is what S/MIME signs, and the SMTP envelope, which is outside the scope of S/MIME. In an EAI message the addresses in the To: and From: headers should use U-labels. A-labels are allowed but not encouraged.
> - If DANE is being used, the outbound server checks TLSA records after STARTTLS
That is completely unrelated, verifying the name of the mail server which has nothing at all to do with any To: or From: header.
> - IDN translation happens if necessary, standard SMTP processing happens here. MX records are downloaded, checks against DKIM/SPF run against the A-label of the From field address
Sorry, more confusion. SPF checks against the message envelope, DKIM checks against the DKIM-Signature header. Neither looks at the addresses in the To: or From: fields. DMARC tries to match the From: address with the SPF or DKIM identity but that's even less related to S/MIME.

Regards,
John Levine, john.levine@standcore.com
Standcore LLC
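
Added illustration, not part of the original message or written by its author: a Python sketch of which identifier SPF, DKIM and DMARC each look at, for a message whose From: header carries a U-label domain. All addresses and the DKIM-Signature header are constructed, both checks are assumed to have passed, and the organizational-domain rule is simplified to "last two labels" instead of a Public Suffix List lookup.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the SMTP envelope sender and the message content are separate inputs.
ENVELOPE_MAIL_FROM = "bounce@bounces.mailer.example"
RAW_MESSAGE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=xn--bcher-kva.example; s=sel1;\n"
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: user@news.b\u00fccher.example\n"
    "To: rcpt@example.org\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

def a_label(domain):
    """Normalize a domain given in U-label or A-label form to lowercase A-labels."""
    return domain.strip().lower().encode("idna").decode("ascii")

def domain_of(address):
    """Domain part of an address, normalized for comparison."""
    return a_label(parseaddr(address)[1].rpartition("@")[2])

def dkim_domain(msg):
    """The d= tag of the DKIM-Signature header: the identity DKIM authenticates."""
    tags = dict(t.strip().split("=", 1)
                for t in msg["DKIM-Signature"].split(";") if "=" in t)
    return a_label(tags["d"])

def org_domain(domain):
    # Assumption: last two labels; a real DMARC verifier uses the Public Suffix List.
    return ".".join(domain.split(".")[-2:])

def aligned(from_dom, auth_dom, strict=False):
    """DMARC identifier alignment between the From: domain and an authenticated domain."""
    if strict:
        return from_dom == auth_dom
    return org_domain(from_dom) == org_domain(auth_dom)

def identities(envelope_mail_from, raw):
    msg = message_from_string(raw)
    return {
        "spf": domain_of(envelope_mail_from),   # envelope, never the From: header
        "dkim": dkim_domain(msg),               # DKIM-Signature d=, never the From: header
        "header_from": domain_of(msg["From"]),  # only DMARC compares against this
    }

if __name__ == "__main__":
    ids = identities(ENVELOPE_MAIL_FROM, RAW_MESSAGE)
    print(ids)
    print("DKIM aligned:", aligned(ids["header_from"], ids["dkim"]))
    print("SPF aligned: ", aligned(ids["header_from"], ids["spf"]))
```
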