On Mon 27/Jul/2020 22:12:17 +0200 Joseph Brennan wrote:
On 7/27/2020 11:14 AM, Alessandro Vesely wrote:
Let's say I have From: real.bank, and Sender: phisher.example. The
above text seems to imply the receiver is looking up
_dmarc.phisher.example. Correct?
Avoiding it by redefining From: to serve the former purpose of Sender: and
creating a new Author: to serve the former purpose of From: seems to me to
start us down a long road of new header fields every couple of years. They
are just names.
In the pre-DMARC era, we've been mainly using just From:. Sender: is used by
Outlook to display "on behalf of" catchphrase, presumably in an attempt to
support the historic Sender-Id protocol. Otherwise, Sender: never had
traction. DMARC did put an extra accent on From:, thereby projecting the
community into a /new territory/, to use Dave's words.
Introducing Sender: and Author: can allow to tone down DMARC rules. They were
designed presuming that only a few domains, where email is not used for
personal correspondence, would use the protocol. For example, messages cannot
have multiple authors, and cannot be forwarded with modifications. Somewhat
Procrustean for day to day messaging.
From: rewriting is an obnoxious hack. Yet it's the only possibility for MLMs,
currently. By (re-)introducing those two header fields, we can bevel DMARC
rules, paying attention not to pervert the overall shape. Three identifiers
allow better tuning than just one. If we do a good job, it won't be necessary
to redo it every couple of years...
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
