On Wed 18/Apr/2018 01:46:26 +0200 Brandon Long wrote: > On Tue, Apr 17, 2018 at 4:16 AM Alessandro Vesely <ves...@tana.it> wrote: >> On Tue 17/Apr/2018 01:23:17 +0200 Brandon Long wrote: >>> On Mon, Apr 16, 2018 at 11:01 AM Alessandro Vesely <ves...@tana.it> wrote: >>>> On Wed 11/Apr/2018 04:35:54 +0200 Scott Kitterman wrote: >>>>> On Tuesday, April 10, 2018 11:48:48 PM Brandon Long wrote: >>>>>> >>>>>> Well, obviously there is some difference in handling of >>>>>> p=quarantine and p=none ;)>>>>>> >>>>>> I guess the question is, in terms of forwarders, should they >>>>>> handle those differently or not. I'm not sure how many are p=none >>>>>> vs p=quarantine vs no dmarc (I could look at our mail flow for >>>>>> some numbers, but some others on the list may have better >>>>>> numbers), but if a lot are at p=none, things will be yucky if it >>>>>> changes. Ie, right now, gmail.com/hotmail.com/outlook.com are all >>>>>> p=none, so changing Groups or mailman for p=none will affect a lot >>>>>> of folks.>>>>> >>>>> I'd have to rethink if p=none was really worth publishing if that >>>>> happened. >>>>> I guess we'd need p=none-really then. >>>> >>>> Given that From: rewriting is the de-facto standard, this WG should >>>> publish an RFC about that, including recommendations and caveats about how >>>> to do it. >>>> >>>> Its Security Considerations, for example, should mention cases like, say: >>>> >>>> From: The POTUS via phishing-attempt <obsc...@phisherman.example.com> >>>> X-Original-From: The POTUS <po...@whitehouse.gov> >>>> >>>> >>>> For a personal opinion, I don't know what is the purpose of having GG >>>> rewrite From:'s of a given domain. Perhaps, it is to let users >>>> participate to groups without revealing their real addresses to spammers. >>>> That sounds legitimate to me... >>> >>> Do you mean, that user's don't understand why some are rewritten and some >>> aren't? >> >> Some may understand. I recall when it was rather common to see addresses >> like, say, bl...@nospamgoogle.com, supposedly obvious to human >> subscribers. As email authentication took on, tools tended to disallow >> such kind of free editing of From: (a trend that possibly impacted >> negatively on posters' ability to understand email mechanisms.) Now, >> servers should supply something else to provide a similar grade of privacy >> to mailing list subscribers. The address >> blong=40google....@dmarc.ietf.org (to which I'm writing) results in a >> similar soft concealing as the former example. However, the >> X-Original-From betrays such purpose.> > Frankly, the number of people who did that was vanishingly small, and the > general utility of such things was also pretty tiny. The major mailing list > providers did a better job of just not publishing the email address unhidden > in the archives. You mean spammers would rather harvest from web archives than subscribe to mailing lists directly? Many lists restrict archive access, or have no archive at all.
I slightly disagree about the general utility of those tricks. The more spammers have to code around idioms such as "@NOSPAM" or "user at domain dot", the slipperier their harvesting. Anyway, what's the practical merit of X-Original-From or added Reply-To? Don't posters enjoy better privacy when From:-rewriter omit them? However old-fashioned, the @NOSPAM idiom had an advantage over =40...@, namely that it just bounced rather than creating duplicates[*]. Grr... fixing To: now. Ale -- [*] Hm... that might be a bug somewhere in dmarc-reverse handling. The copy collects four signatures by d=ietf.org instead of two as usual. _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
