On 6/12/2020 4:02 AM, Alessandro Vesely wrote:
Hi all,
*From rewriting is the real thing*
==================================
Rewriting From: is the de-facto standard.
I don't support it.
In a (science-fictitious) scenario where all mailing lists
rewrite the From: header field, DMARC would just work
smoothly.
Occam's razor. The simplest and most honorable protocol solution is to
follow the specs. DMARC will work just fine without tampering with
headers if the list server simply honored the restrictive policy. It
works greats!!
A DKIM Policy compliant list server simply needs to do two things:
1) Prohibit new subscribers using addresses with restrictive domains,
just like it is done here:
https://secure.winserver.com/public/code/html-subscribe?list=winserver
2) Prohibit submission from existing subscribers using addresses with
restrictive domains. The existing subscriber becomes a read-only
subscriber.
We had very little complaints at the beginning. But the member, for is
own domain protection, had to use another list restrictive domain to
participate. Right now, it works this way and it works without complaints.
Hence, we have to specify an acceptable way to rewrite From:.
This is no acceptable way to tamper the mail in this way. But I did
suggest with following. For an example of what it did to my headers:
X-Original-From: Hector Santos <[email protected]>
From: Hector Santos <[email protected]>
In order to close the loophole the rewriting has opened, in addition,
to falsely associate my name with dmarc.ietf.org domain, the rewriter
needs to use a signer domain that matches the original protection.
dmarc.ietf.org is currently using::
v=DMARC1; p=none;
rua=mailto:[email protected],mailto:[email protected]
The dmarc.ietg.org policy should be, at a minimum, p=quarantine.
dmarc.ietf.org is only used for rewriting when the submission has a
restrictive author domain, so the dmarc.ietf.org should be restrictive.
--
Hector Santos,
https://secure.santronics.com
https://twitter.com/hectorsantos
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
