Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

Tue, 02 Jun 2020 12:51:57 -0700 

On 6/2/2020 12:32 PM, Pete Resnick wrote:

On 2 Jun 2020, at 13:29, Dave Crocker wrote:


On 6/2/2020 11:12 AM, Pete Resnick wrote:

On 2 Jun 2020, at 13:01, Dave Crocker wrote:
There's no reason that DMARC couldn't have included the sender or tried to have some kind of 
PRA like spf v2... but that's not the goal.
But the Sender: field is not reliably present and, of course, DMARC needs an identifier that is reliably present.
Dave, could you explain that? Coding-wise, there's surely no reason that an implementation can't say, "if 5322.sender is present then sender = 5322.sender else sender = 5322.from". So you could say that the identifier of sender is reliably present, since it's taken from 5322.from if 5322.sender isn't present. But maybe I'm missing something. Please explain.
Not sure what you are asking.  What I mean is that it isn't always present.
If Sender: contains the same address as From:, then Sender does not have to be present, and often/usually isn't. 

Well, that's the field, not its value.
So when someone comes along and changes From: -- such as to hack around the DMARC problem for intermediaries -- the semantic of the Sender information is lost.
If you do change the From, you should always add a Sender. (Or is your point that implementer's don't, and that's the problem?)
Except that there's nothing that specifies that and I believe it isn't common practice.  Worse, creating that field in mid-stream does not fix the problem that now the author information is lost.
The actual requirement is to have the Sender field always be present at the time of original posting, and have DMARC work from the Sender field.  But since none of that is going to happen, I'm looking for a path to providing clean original-author information that is practical.
What I'm missing is why the lack of an actual Sender: header field is problematic.
Because DMARC should have focused on the Sender field, not the From field, since it is really about the email operator, not the author. 


d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc

Reply via email to