On 3/21/2015 9:41 AM, Stephen J. Turnbull wrote: > Dave Crocker writes: > > > From: happens to be the only place that always has the presence of a > > domain associated with the origin. > > Except it doesn't always have a domain associated with the originating > MTA,
Well, I said 'origin' and not 'originator' but yeah, I should have thought of a more generic term. I meant not to invoke 'originator' and meant mean "something around the creation of the message, such as author, originator, gateway mta, whatever..."[*] > and there's nothing in RFC 5322 that says it does. RFC 5322 says > you shouldn't put an address in From that you don't have the right to > use, not that it must be aligned with the domain of the injecting MTA. Thanks for the refresher. > So I must be missing something, because it seems to me that you've got > the DMARC From alignment tail wagging the whole RFC 5322 dog here. No idea what you mean. > > And note that without DMARC, these days users typically don't see > > the domain. In other words, it isn't presented to the user. This > > inconvenient fact is ignored or dismissed every time someone touts > > the user's role in DMARC. > > What's so inconvenient about it? Folks tend to promote DMARC's choice of From field due to the fact that it's presented to the end-user, as if the end-user will behave differently with DMARC active. The end-user won't. They mostly don't see the domain name, and it mostly doesn't matter when they do. On the other hand, the fact that the From field is the only domain name reliably associated with content creation and that receiving filtering engines can do an assessment of validity when DMARC validates, is extremely meaningful. But there is no 'user' in the handling equation for DMARC. There may be other > subtle channels by which the address can influence user behavior > without being displayed as a character string. And sometimes it is > presented as a string. > > Note that these "subtle channels" are MUA functions, and thus outside > the purview of current MTA-based DMARC implementations. I think it's > quite valid to emphasize the user's role here. Subtle channels is a fun idea. Unfortunately there is an infinite number of fun ideas. Perhaps you can cite some empirical research evidence of its relevance to this topic? d/ [*] However note that the essence of DMARC is a /very/ tight coupling between content author's domain owner and the originator. -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
