Other uses of indirect mail: My university offered an alumni account implemented as a relay to whatever hosting service I was using at the moment. Never took them up on it, and glad that I did not. Perhaps RFC 7960 talked about that scenario, because I think I have seen it mentioned in an IETF document.
Header munging vs Alternatives:

Header munging vs. Perfect author attribution

I have been considering an alternative world where header munging is eliminated because author content is not modified and therefore author identity is fully verifiable using DKIM and DMARC. Several concerns come to mind:

We do a fair amount of geographic filtering, so some of the postings to this list would be blocked, because of coming from countries where we do not do business. Header munging provides a single point of origin; if one message is allowed through the geographic filters, then all messages will be allowed through. If an exception is needed, the list member and system manager can be confident that only a single exception is necessary.

One of the reasons that IETF breaks DKIM is because it converts everything to plain text. This is a significant security benefit, by lowering the threat potential of the message. It makes the IETF messages more trustworthy than if they came to me directly from the author. Other mailing lists may use other criteria, but they should all use some sort of filtering to protect their reputation and their members. Header munging allows me to distinguish between IETF-filtered traffic and other traffic.

As an extension of that point, successful sender authentication establishes identity, but it does not establish trust. Trust is assigned by the recipient, largely based on experience, so messages from unrecognized senders are given a low trust level by default. I know how to trust IETF. I do not know whether to trust the next random person who contributes to this mailing list.

ARC assumes that after a user subscribes to a mailing list, he negotiates with his I.T. staff to have the mailing list operator authorized. I expect this to be problematic for many users.
To mitigate these concerns, the non-munging solution would presume that recipient systems have the ability to filter differently between ( unknown sender + known mailing list ) and ( unknown sender without mailing list ). To prevent spoofing of the mailing list, list identity would need to be verified as well as author identity.

As we add complexity to the inbound mail process design, some extra processing logic is applied to all messages, not just the mailing list messages. How many filtering solutions will be unable or unwilling to add this complexity?

Others have already noted that the mailing list operator must choose a configuration without knowledge of what capabilities will exist in the receiving system message filter. This seems to limit the range of possible solutions.

Given all of that, I think a non-munging solution would be more problematic for me than what IETF is already doing.

DF
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
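
The two-identity filter the message above describes (unknown sender + known mailing list versus unknown sender without mailing list, with the list verified separately from the author), sketched as an added example that is not part of the original post. The authserv-id, the List-Id to signing-domain table, the known-sender set, the tier names and the exact-match alignment rule are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical local policy data, constructed for this example.
AUTHSERV_ID = "mx.recipient.example"          # our own border MTA
KNOWN_LISTS = {"dmarc.ietf.org": "ietf.org"}  # List-Id -> d= the list signs with
KNOWN_SENDERS = {"colleague.example"}         # author domains we already trust

def passing_dkim_domains(msg):
    """Return DKIM d= domains that our own MTA reported as dkim=pass."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != AUTHSERV_ID:
            continue  # results stamped by anyone else are forgeable
        found = re.findall(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results)
        domains.update(d.lower() for d in found)
    return domains

def classify(raw):
    """Map a raw message to a trust tier; list and author are checked separately."""
    msg = message_from_string(raw)
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signed = passing_dkim_domains(msg)
    if author not in signed:          # simplification: exact-match alignment
        return "author-unverified"
    if author in KNOWN_SENDERS:
        return "known-sender"
    m = re.search(r"<([^>]+)>", msg.get("List-Id", ""))
    list_id = m.group(1).lower() if m else None
    if list_id is None:
        return "unknown-sender-no-list"
    if KNOWN_LISTS.get(list_id) in signed:
        return "unknown-sender-known-list"
    return "list-not-verified"        # a List-Id header alone proves nothing

def sample(author, list_id=None, dkim=(), authserv=AUTHSERV_ID):
    """Build a constructed test message (not real traffic)."""
    results = "".join(f"; dkim=pass header.d={d}" for d in dkim) or "; dkim=none"
    headers = [f"From: Someone <user@{author}>",
               f"Authentication-Results: {authserv}{results}"]
    if list_id:
        headers.append(f"List-Id: Example list <{list_id}>")
    return "\n".join(headers) + "\n\nbody\n"
```

Every inbound message passes through `classify`, not only list traffic, which is the extra processing cost the message raises.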
