On 6/18/2020 12:46 AM, Alessandro Vesely wrote:
"Authoring" can have subtly different acceptations, though. The exact
sentence is:
The "From:" field specifies the author(s) of the message,
that is, the mailbox(es) of the person(s) or system(s) responsible
for the writing of the message.
[https://tools.ietf.org/html/rfc5322#section-3.6.2]
That is not so far from real. The term "writing" sounds ambiguous, as
it is not clear whether it means "typing" or "publishing", in the case
of public mailing lists. Given that Sender: is dedicated to the
typist, I'd opt for the latter interpretation.
In simple terms, author is the creator of the content and sender is the
agent for getting the content processed. The latter was distinguished
to provide a means of improving accountability if there were problems.
When SMTP was created, later, MailFrom was added as an address for
sending message handling reports.
When first specified, Sender: was to cover the case of someone doing the
online work, on behalf of authors who weren't online, or at least not
online for processing the message. Back in those days, that was not
uncommon. Even if the author officially had an online presence, they
often did not do the typing.
(To underscore this a bit: in most of the business world, knowing how to
type was deemed a menial, secretarial skill and not appropriate for an
executive. To carry this a bit further: around the time RFC733 was
developed, in 1977, I managed to get the person in charge of department
administration functions to authorize my getting a desk with a
right-hand return, where a secretary's typewriter would go, and where I
put my terminal. This was extremely unusual and the immediate, similar
requests from all the other staff like me were rejected. Also, when I
announced my departure, the next year, the admin was instantly flooded
with requests for my desk...)
For most email, From: and Sender: are the same person (and the same
email address.) This fact was the reason the original specification of
Sender: in RFC 733 only required an explicit Sender: field be present
when the addresses are different.
For today, these same abstract constructs have -- or should have -- only
slightly different application. From: is still supposed to be the
author, which remains the creator of the (original) content. Sender:
could be any separate party responsible for processing the message.
So, in abstract terms, if I go to a greeting card site and have it send
a greeting on my behalf, the From: field should be my own email address
and Sender: should an address at the greeting card company. But I said
'abstract' because current realities mean this isn't as useful an
arrangement as the theory intended.
I believe this is because Sender: is not reliably present. Hence, it
literally cannot be relied upon. The Sender field is not created
reliably to indicate such distinctions and the receive side does not
reliable note the distinctions.
For a newspaper, if you pardon the analogy, the masthead is more
visible than columnist signatures at the end of the articles. For a
mailing list, publisher visibility used to be provided by subject
tags, leaving the From: intact. Why? Presumably, because it just
worked that way. However, if the MLM is the system responsible for
writing, not modifying From: should be considered a violation.
If a Mediator makes 'substantial' changes to a message, then it can be
considered a new and different message? Yes, but note that we have no
objective criteria for this. That's why I class this reference to
'publisher' as a business issue rather than a technical one. (And an
ethical one, as some wayward journalists discover when they claim to be
quoting someone but it turns out the reporter invented the content.)
However I think that referencing the role of an MLM as 'publisher' can
be helpful to remind us that MLMs have their own agency and can,
legitimately, make all sorts of changes. Whether authors and recipients
like those changes is a non-technical matter.
The practical problem with From: field munging by MLMs that are
otherwise trying to relay a largely-unmodified messages, is that they
effective destroy author information, by putting in a different email
address.
In practical terms, today, the MLMs arguably don't have a choice. But
it still can be helpful to understand the problems created by this
alternation.
My understanding of the meaning that DMARC added was, "The author of
this
message, as expressed in the From: field, always has their messages
properly
signed by the domain in the From: address." You seem to be saying
that, no,
what DMARC did was changed the semantic to be, "The From: field now
represents the transmitter of the message (as used to be expressed in
the
Sender: field when present), not the author, and that transmitter
always has
their messages properly signed by the domain in the From: address".
For reference, I consider this an accurate summary of why I say that the
From: field semantic is changed as a result of DMARC. Specifically so
that mailing list mail can be delivered.
Sender: was not meant to be the transmitter in that sense. It was
meant to be the secretary who writes on behalf of a responsible person
or system.
RFC 5322 has preserved the semantic of the Sender: field:
"The "Sender:" field specifies the mailbox of the agent
responsible for the actual transmission of the message. "
I consider that to be exactly the role the MLM is performing.
RFC 5322 says display names are "associated" to a mailbox.
I don't see such language in RFC 5322. In fact, other than the ABNF for
display-name, I don't see any explanation of its semantic.
Certainly, changing just the addr-spec breaks the association and
wreaks havoc to address books.
Exactly.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
