This is a beautiful proposal if one assumes that domain owners will want to change. Since we do not have them well represented in this discussion, it is a conclusion that needs to be tested.
I have pressed Dave on the issue of how good ML domains are to be distinguished from criminal domains, a request which has not been answered. We know that, after an edit, the only signature that can be valid is the signature of the editor's domain. The recipient domain can therefore be presented with two similar messages: - a well-formed message that is signed by the good MLM domain and purports to be on behalf of BigBank domain - a well-formed message that is signed by a criminal domain and purports to be on behalf of BigBank domain Dave apparently assumes that the recipient system can reliably assign reputation to the two messages based on the signature domain. This might be sufficient if the recipient domain had a reliable domain reputation system. As soon as one is invented, deployed, and universally trusted, we can embrace his proposal. Without another way to distinguish good MLMs from bad guys, I do not understand how rearranging headers adds anything other than obfuscation. DF -----Original Message----- From: dmarc [mailto:[email protected]] On Behalf Of Joseph Brennan Sent: Monday, July 13, 2020 2:28 PM To: IETF DMARC WG Subject: Re: [dmarc-ietf] DMARC Use of the RFC5322.Sender Header Field > > > > 2) draft-crocker-dmarc-sender > This is an elegant solution. It puts the burden of change-- creating a Sender field in all cases, and a variant DMARC record-- on the domain owner who wants to send mail and use DMARC rules. The use of Sender complies with RFC 5322, since it is optional whether to create Sender when it is the same address as From. With this implemented, developers of mailing list software can stop figuring out which way to violate RFC 5322 in order to make mail deliverable, and developers of clients do not have to create and display a new Author field. Big win, for widespread acceptance, I would say. -- Joseph Brennan Lead, Email and Systems Applications _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
