> -----Original Message-----
> From: dmarc [mailto:[email protected]] On Behalf Of Stephen J. Turnbull
> Sent: Tuesday, March 10, 2015 2:35 PM
> To: Terry Zink
> Cc: [email protected]
> Subject: Re: [dmarc-ietf] Sending email on behalf of?
>
> Terry Zink writes:
>
> > > And third (the killer) the recipients aren't going to recognize
> > > the new address, and so it's going to look as suspicious as the
> > > stupid Outlook-style headers.
> >
> > What's "stupid" about Outlook style headers? How should it look?
>
> Technically, maybe nothing, in the OP's case. Depends on how much
> involvement the putative author (John Doe) has in composition or approval
> of the message text. If "none", then I suppose the "on behalf of" in the
> From field as displayed by Outlook has the semantics it normally has in
> English: the NPO wrote and sent the message as the fully responsible agent
> of John Doe, with no intervention from Mr. Doe. In most cases I see,
> however, Sender is a robot Mediator, typically a mailing list. In those cases
> the Outlook header display is the equivalent of "From the White House
> Mailroom on behalf of Barack Obama".
>

If it had the format you suggest it would almost certainly be fraudulent. If it was legitimate it would be from @eop.gov.

> Practically, the OP's client NPO wants the message to look like a personal
> invitation from an existing donor to another potential donor who is an
> acquaintance. This is being done with the permission (at
> least) of the existing donor. So I don't see why Outlook (or any MUA) would
> fail to display it that way.
>

How does the recipient know that the NPO has permission? In fact, how does the recipient know that it is really the NPO if it is spoofing the existing donor's email address?

> As far as I can see, if the message is legitimate (ie, has the permission of
> the existing donor and owner of the intended From address), the "on behalf of"
> style is unuseful to anyone, and clearly confusing to many non-technical
> users. I don't know of any cases where it's useful, given that illegitimate
> messages can (and do) avoid suspicious display by the simple expedient of
> omitting the Sender field. "Stupid" is perhaps unnecessarily derogatory, but
> it's an idea that has proven to be more trouble than it's worth in practice,
> and it should be retired (or at least made an option).
>
> How should it look? How about
>
>     From: John Doe <[email protected]>
>     Sender: NPO <[email protected]>
>

This is meaningless to the recipient in terms of authenticating the relationship or the From: if the From: email address is "spoofed".

> or just
>
>     From: John Doe <[email protected]>
>

This is meaningless to the recipient in terms of authenticating the relationship or the From: if the From: email address is "spoofed". It falls into the category of: "If you could read my mind".

> for that matter? Sender is not very useful to the 99.44% of mail users who
> aren't RFC nerds, since no MUA I know has a "report delivery problem to
> sender" function (let alone a hotkey for it), and those users aren't going to
> know that a problem with message delivery should be reported to Sender
> (rather than From).
>

Sender in its present incarnation is not particularly useful, period.

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
