On 7/27/2020 11:14 AM, Alessandro Vesely wrote:
> In various places, the I-D talks about a /domain owner/, but it is not
> always so clear whose domain owner is meant, in case they differ.
> For example, in *Domain Owner Actions*:
>
>    snd: When present, this tag signals that mail originated by the
>    domain owner MAY have a RFC5322.Sender field, as well as a
>    RFC5322.From field and that evaluation MAY be based on the domain
>    name in the RFC5322.Sender field.

This is a parameter for a record under a domain name. Is it really not
clear who is referred to by 'domain owner' here? What other
interpretation is plausible?

However "originated by" is poor wording and should probably be something
like "authorized by".

> I understand that as a permission that a domain owner grants (to
> anyone?) to resend mail from its domain if it is correctly authenticated.
> However, following instructions give the opposite impression. In
> *Determine Handling Policy*:
>
>    Sender: Extract the RFC5322.Sender domain from the message.
>    Query the DNS for a DMARC policy record.
>    Perform remaining, numbered steps, if one is found and it
>    contains an "snd" tag.
>
> Let's say I have From: real.bank, and Sender: phisher.example. The
> above text seems to imply the receiver is looking up
> _dmarc.phisher.example. Correct?

yes.

> Next step 4 apparently entails that aggregate reports are sent to both
> From: and Sender:. That sounds solid, but not practical. A MLM needs
> to apply From: rewriting until it sees that all (or most) receivers
> look for Sender:. How?

The reality associated with that 'until' is what motivated moving this
proposal from using Sender as an /alternative/ to From: to instead being
/in addition to/. The heuristic of "until it sees that all (or most)
receivers look for Sender:" sounds nice, but is entirely indefinite.
Worse, as you note, the 'how' doesn't have an answer. So the spec does
not suggest any meaningful endpoint.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
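
The lookup discussed in this message, as an added example that is not part of the original e-mail or of the I-D: it shows which `_dmarc` names a receiver would query for the real.bank / phisher.example case, with the Sender: domain considered in addition to From: and only when its own record carries "snd". The DNS data, the sample message, the function names and the treatment of "snd" as a bare tag are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed TXT records (not real DNS data). "snd" is the tag quoted from
# the draft; treating it as a bare, valueless tag is an assumption.
DNS_TXT = {
    "_dmarc.real.bank": "v=DMARC1; p=reject",
    "_dmarc.phisher.example": "v=DMARC1; p=none; snd",
    "_dmarc.list.example": "v=DMARC1; p=quarantine",
}
# Constructed message matching the case raised in the thread.
SAMPLE = "From: Alice <alice@real.bank>\nSender: relay@phisher.example\n\nbody\n"

def parse_tags(record):
    """Split a DMARC record into {tag: value}; a bare tag maps to ''."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if part:
            name, _, value = part.partition("=")
            tags[name.strip().lower()] = value.strip()
    return tags

def lookup_policy(domain, dns=DNS_TXT):
    """Return parsed tags for _dmarc.<domain>, or None if no DMARC record."""
    record = dns.get("_dmarc." + domain.lower())
    tags = parse_tags(record) if record is not None else {}
    return tags if tags.get("v") == "DMARC1" else None

def header_domain(msg, name):
    """Domain of the address in header `name`, or None if absent/unparseable."""
    addr = parseaddr(msg.get(name, ""))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def policy_lookups(raw_message, dns=DNS_TXT):
    """List (header, DNS name queried, tags) for each domain to evaluate."""
    msg = message_from_string(raw_message)
    results = []
    from_domain = header_domain(msg, "From")
    if from_domain:
        results.append(("From", "_dmarc." + from_domain, lookup_policy(from_domain, dns)))
    sender_domain = header_domain(msg, "Sender")
    if sender_domain:
        tags = lookup_policy(sender_domain, dns)
        # Sender: counts only if its own record exists and contains "snd".
        if tags is not None and "snd" in tags:
            results.append(("Sender", "_dmarc." + sender_domain, tags))
    return results
```

Organizational-domain fallback and the draft's remaining numbered steps are left out; the block covers only the record discovery step quoted above.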