On 6/2/2020 8:45 PM, Douglas E. Foster wrote:
Someone said that the Sender Address is all we can trust. Nonsense.
+1
As to identifiers: The RFC 5321 MAILFROM sender is intended, at least
in my understanding, to represent the login account used to create the
message, while the RFC 5322 From Header represents the "speaker", the
person whose ideas are being represented by the content. It matters if
someone puts words in someone else's mouth, and From fraud is exactly
that type of fraud.
You bring up a basic fundamental reason what the 5322.From field is
the only signature binding requirement for DKIM. When it comes to
exclusive mail, it is the anchor that is associated with:
- Login Account
- The Alias or Display Name,
- The Default From name for local messages
and if the message is exported for a network mail system then we have
the additional related identities:
- 5322.From
- 5321.Mail From
In the restrictive DKIM Policy Model, all these identities are closely
tied together. They are usually represented and traceable to one
person and thus illustrating the long time "Proof Of Concept" that a
restrictive DKIM Policy is so powerful, "It's Scary!" A break or
deviation from this expectation is a strong candidate for rejection.
I simply cannot grasp how DMARC conflicts with RFC 5321 or RFC 5322,
inhibits authorship, or creates any other attribution problem. This
assertion was simply not explained.
I believe they are simply catching up with the list problem. Thats all.
The problem was recognized long ago with SSP, ADSP. But when ADSP was
abandoned for these lists problem and replaced with DMARC, the list
problem was no longer a concern but DMARC did not resolve the list
problem and it appears DMARC "Proposed Standard" will not try to
address it.
--
HLS
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
