On 5/30/2014 5:49 PM, J. Gomez wrote:
>> Ah, but "just like" is a complete misstatement of the situation.
>> There's a big difference. Users on a mailing list think of the
>> poster, not the mailing list, as responsible for the content. So
>> according to RFC 5322, the poster's mailbox belongs in From:.
>> Remailed or not, the author belongs there.
>
> That is debatable. As long as the mailing list program tampers with the message's
> content, rendering its DKIM signature invalid, it can be argued that the mailing list
> program is rewriting the message's content, and therefore that the mailing list program
> now becomes "the system responsible for the writing of the message" (as per RFC
> 5322 parlance, section 3.6.2), and thus the mailing list address would earn its
> legitimate place in the Header-From field, making interoperability with rogue DMARC
> Senders a solved problem.

In my book, this is mail tampering. It will be hard to justify adding
support for this radical behavior in our mail list server product
which puts customers at risk. You are putting yourself at product
liability risk by intentionally defying a security protocol against
the wishes of the publishing restrictive domain. Of course, it only
becomes a problem when it's used as a loophole to further spread
harmful mail and someone actually gets harmed. That's all you have to
prove in a courtroom. If you had all the tools before you to tell
you definitively, "This is unauthorized mail" and you intentionally,
deliberately and neglectfully ignore it, do nothing about it but
further distribute to end points, well, who knows what a young punk,
tech savvy, high tech, new age lawyer will think about suing you. If
you got deep pockets, well, don't think it can't happen.

It is this sort of mentality that completely makes this old game no
more fun to work with. Seriously.

We can do it right. All we have to do is LOOKUP the policy and follow
it. Give the YAHOOs the tools to authorize the resigners and you and
I won't have these new ethical problems to contend with.
--
HLS
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
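
The "look up the policy and follow it" step from the message above, sketched as an added example; it is not part of the original thread and not code from any mail list product. The TXT records are constructed, the organizational domain is passed in by the caller rather than derived from a public suffix list, and the action names and their mapping to policies are assumptions.

```python
# Constructed DMARC TXT records standing in for DNS answers (not real data).
SAMPLE_TXT = {
    "_dmarc.strict.example": "v=DMARC1; p=reject; rua=mailto:agg@strict.example",
    "_dmarc.relaxed.example": "v=DMARC1; p=none",
    "_dmarc.sub.example": "v=DMARC1; p=quarantine; sp=reject; pct=100",
}
POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag must come first and must be exactly v=DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    # Assumption: a record without a valid p= tag is treated as unusable.
    if tags.get("p", "").lower() not in POLICIES:
        return None
    return tags


def effective_policy(author_domain, org_domain, txt_lookup):
    """Policy for the From: domain, falling back to the org domain's sp= or p=."""
    rec = parse_dmarc(txt_lookup.get("_dmarc." + author_domain, ""))
    if rec:
        return rec["p"].lower()
    if org_domain and org_domain != author_domain:
        rec = parse_dmarc(txt_lookup.get("_dmarc." + org_domain, ""))
        if rec:
            return rec.get("sp", rec["p"]).lower()
    return "none"  # no published policy: nothing for the list to follow


def list_action(policy, list_modifies_message):
    """Hypothetical list-server decision taken before redistributing a post.

    Assumes the author's mail carries an aligned DKIM signature, which survives
    only if the list leaves the signed headers and body untouched.
    """
    if policy == "none" or not list_modifies_message:
        return "distribute"
    return "refuse-post" if policy == "reject" else "hold-for-moderation"
```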