On 14/07/2020 22:23, Dave Crocker wrote:
On 7/14/2020 1:17 PM, Doug Foster wrote:
Without another way to distinguish good MLMs from bad guys, I do not
understand how rearranging headers adds anything other than obfuscation.
I'll claim that this change does not meaningful change any of the threat
vectors or protections against them that are currently in place.
Note, for example, that we already have mailing lists disabling DMARC
protection on the From field, in a way that distorts the original information
but actually also still retains it. There do not seem to be any complaints
about the handling resulting from such mail.
Right. I complain about MLMs _not disabling_ DMARC protection.
Rather, this proposal cleans up the email human factors while retaining the
intended domain name protection.
While it's true that header munging miseducates users, this relief is worse
than the pain itself. It does not, in fact, retain domain protection.
ps. I was really struck by being pointed to the DomainKeys RFC and
re-discovering that it actually specified the use of 822.sender for exactly the
use I've proposed. I'd completely forgotten that Delaney did that.
I agree that sender signatures are more important than others. My DKIM/DMARC
filter sorts them after author's signatures, but before any other 3rd party's
ones. That ordering is reflected in DMARC reports.
Perhaps we could formalize Sender:'s role by inventing some kind of p=some,
which requires Sender: alignment. The From: domain has to remain the consumer
of aggregate reports. That way it can learn which senders redistribute its mail.
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
