Is not the whole point of your proposal to allow the MLM to authenticate the message based on the MLM domain signature alone, while presenting the document as originating from another domain? That is the very behavior that DMARC is trying to prevent.
But since MLM editing is so important to you and others, it would be helpful if someone would document: - what changes need to be made by an MLM? - what objective is achieved by those changes? - why MLM editing is the best way to achieve those objectives? - what impact would occur if the MLM stopped editing and had to pursue those objectives with other measures? We cannot adequately address a requirement that has not been defined. DF -----Original Message----- From: dmarc [mailto:[email protected]] On Behalf Of Dave Crocker Sent: Tuesday, July 14, 2020 12:09 PM To: [email protected] Subject: Re: [dmarc-ietf] DMARC Use of the RFC5322.Sender Header Field On 7/14/2020 8:39 AM, John Levine wrote: > In article <[email protected]>, > Dave Crocker <[email protected]> wrote: >> On 7/14/2020 2:52 AM, Alessandro Vesely wrote: >>> And phishers can also send mail From: fm.bank and Sender: >>> regleissei.icu. To publish a DMARC policy would avail Farmers & >>> Merchants nothing, then. >> If regleissei.icu publishes a DMARC record and indicates support for >> use of Sender:, per the proposal, please explain exactly what bad >> things will happen, in the case you offer. > It makes the assessment process quadratically more complicated. Now > the question is both whether this from regleissei.icu, but what do we > know about its relationship with fm.bank. > > Admittedly, since a lot of MUAs display neither From nor Sender > address, it's not clear how much this matters. What is, or is not, displayed is irrelevant, since that has nothing to do with meaningful protection. Analysis by the filtering subsystem is quite another and more important matter. So I'll rephrase my question: Please compare and contrast how analysis is done now versus how it would be done with this proposal, and what dangers are created or made worse as a result of this proposal. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
