> On Apr 2, 2015, at 11:08 AM, John Levine <[email protected]> wrote: > >> Handled by whom? If we're talking about telling MUAs "Don't render the >> unsigned part of the content the same way as the signed content", then a >> bunch of additional complexities begin to appear: > > We went over all of this ages ago when DKIM was young. It should all be > in the DKIM WG archives. > >> - We're wandering into conversations about how MUAs should interact with >> users, which this community typically avoids like a terrible allergy > > No kidding. I see no reason to expect that mail recipients would do > anything useful with differently colored parts of the message. > Punting security decisions to users usually seems to train the users > to push whatever button makes the warning go away. > > Also, when we went down this rathole before, we noted that MIME > provides an enormous range of ways to make both malicious and benign > changes to a message body, and l= doesn't begin to scratch the mites > on the dust on the surface.
Dear John, The goal is to prevent recipients from seeing non-aligned Froms signifying a domain seeking DMARC protection. This may significantly affect third-partys causing DMARC alignment failures. In such cases, a remedy likely requires modification of From domains. The TPA-Label scheme envisioned a DMARC extension to assert domains seeking protection will separately authorize various third-partys confirmed by various methods. It is now clear, ESPs (ab)using DMARC have no interest in managing exceptions, with their lack of interest likely remaining true when expecting them to add provisions for the destinations of their user's messages. I'll attempt to put together an I-D that includes provisions for supporting both mailing-lists and SMTP gateways without changing DKIM or SPF, or expecting ESP cooperation. The work is to be done by those affected by DMARC and not rightfully the (ab)using ESP, acquiescing to the view might makes right. Regards, Douglas Otis _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
