On Tue 17/Apr/2018 01:23:17 +0200 Brandon Long wrote: > On Mon, Apr 16, 2018 at 11:01 AM Alessandro Vesely <ves...@tana.it> wrote: >> On Wed 11/Apr/2018 04:35:54 +0200 Scott Kitterman wrote: >>> On Tuesday, April 10, 2018 11:48:48 PM Brandon Long wrote: >>>> >>>> Well, obviously there is some difference in handling of p=quarantine and >>>> p=none ;) >>>> >>>> I guess the question is, in terms of forwarders, should they handle >>>> those differently or not. I'm not sure how many are p=none vs >>>> p=quarantine vs no dmarc (I could look at our mail flow for some >>>> numbers, but some others on the list may have better numbers), but if >>>> a lot are at p=none, things will be yucky if it changes. Ie, right >>>> now, gmail.com/hotmail.com/outlook.com are all p=none, so changing >>>> Groups or mailman for p=none will affect a lot of folks.>>> >>> I'd have to rethink if p=none was really worth publishing if that happened. >>> I >>> guess we'd need p=none-really then. >> >> Given that From: rewriting is the de-facto standard, this WG should >> publish an RFC about that, including recommendations and caveats about how >> to do it.>> >> Its Security Considerations, for example, should mention cases like, say: >> >> From: The POTUS via phishing-attempt <obsc...@phisherman.example.com> >> X-Original-From: The POTUS <po...@whitehouse.gov> >> >> >> For a personal opinion, I don't know what is the purpose of having GG >> rewrite From:'s of a given domain. Perhaps, it is to let users >> participate to groups without revealing their real addresses to spammers. >> That sounds legitimate to me...> > Do you mean, that user's don't understand why some are rewritten and some > aren't?
Some may understand. I recall when it was rather common to see addresses like, say, bl...@nospamgoogle.com, supposedly obvious to human subscribers. As email authentication took on, tools tended to disallow such kind of free editing of From: (a trend that possibly impacted negatively on posters' ability to understand email mechanisms.) Now, servers should supply something else to provide a similar grade of privacy to mailing list subscribers. The address blong=40google....@dmarc.ietf.org (to which I'm writing) results in a similar soft concealing as the former example. However, the X-Original-From betrays such purpose. > That's definitely true, and an interesting question as to whether Groups > should always rewrite. Yes, and I bet there are various other interesting questions as well. rfc7960 quickly covers the whole topic in the first bullet of Section 4.1.3.3. And, as an informative rfc, it makes no recommendations. This WG can do better than that. Ale -- _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
