Hi,
On 25/11/2020 19:24, Jesse Thompson wrote:
> On 11/25/20 11:30 AM, Alessandro Vesely wrote:
>> Without resorting to ARC, it is still possible to validate author domain's signatures
>> directly if the MLM just adds a subject tag and a footer, like, for example, this list
>> does. While ARC solves "deep" forwarding problems, which may arise in the
>> context of email address portability, MLM transformation reversion solves the simpler
>> mailing list problem, including reverting munged From:'s.
>
> I agree that ARC isn't really needed to do this (trust the last hop from the
> MLM and determine the original authenticity from the MLM's perspective)

I didn't mean to trust the MLM. I meant remove the subject tag and the footer,
then the original DKIM signature verifies. See:
https://datatracker.ietf.org/doc/draft-vesely-dmarc-mlm-transform/

> Plus, if it eventually solves the "deep" forwarding issue, then ARC is
> certainly better than trying to follow received header chains, etc.

IMHO, that's where the real value of ARC lies. Large mailbox providers forward
lots of messages to one another, as set up by users, and they seem to prefer to
forward messages anyway rather than filter before forwarding. That's what John
reported in:
https://mailarchive.ietf.org/arch/msg/dmarc/OmTzwzP9GuE1oF5m1TvUZVA799c

> Anecdotally, after much debate, our team is leaning more towards *not*
> reverting munged From:'s from our own MLM
>
> 1. Until ARC has a reputation model that is commonly adopted, header munging
> isn't going to subside. I still find MLM operators who are just now realizing
> that they have to munge messages. We need to tell users that this is the new,
> growing, reality.

Yup.

> 2. If we only unmunge for our own domains' users' authoring messages to our own MLM, it
> has limited overall effect, and it distorts the user-reality story from point #1. We
> would have to unmunge for all domains' authors sending to all "trusted" MLMs in
> order to give the users what they expect from their prior reality.
>
> 3. Since we can only unmunge for our own recipients, it just creates an
> inconsistent experience on top of the already inconsistent experience of the
> conditional munging most MLMs do based on the authors' DMARC policies.

If the original signature verifies, each MDA can restore the unmunged From:
right before committing to local storage. That way, the rewritten From:
becomes a transfer artifact, not seen by users.

Best
Ale
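
An added sketch of the reversion discussed in this message (not code from the thread or from draft-vesely-dmarc-mlm-transform): it undoes a subject tag, a footer and a munged From:, and keeps the result only if the DKIM body hash and relaxed-canonicalized signed headers match what the author signed. The list tag, footer, addresses, the use of Reply-To to carry the author address, and the equality check standing in for real `b=` signature verification are all assumptions.

```python
import base64, hashlib, re

def relaxed_body(body: bytes) -> bytes:
    # RFC 6376 3.4.4: collapse WSP runs, drop trailing WSP and trailing empty lines
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.replace(b"\r\n", b"\n").split(b"\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def relaxed_header(name: str, value: str) -> bytes:
    # RFC 6376 3.4.2: lowercase the name, collapse WSP (folding included), trim
    value = re.sub(r"\s+", " ", value).strip()
    return (name.lower() + ":" + value + "\r\n").encode()

def signed_input(msg: dict) -> tuple:
    # What the author's signature covers here: the bh= value and h=from:subject
    bh = base64.b64encode(hashlib.sha256(relaxed_body(msg["body"])).digest()).decode()
    hdrs = b"".join(relaxed_header(h, msg[h]) for h in ("from", "subject"))
    return bh, hdrs

# Constructed sample data (not taken from the thread)
TAG = "[example-list] "
FOOTER = b"_______________\r\nexample mailing list\r\nhttps://lists.example.org/\r\n"
ORIGINAL = {"from": "Alice <alice@author.example>",
            "subject": "ARC and forwarding",
            "body": b"Hello list,\r\n\r\nsome text.\r\n"}

def mlm_transform(msg: dict) -> dict:
    # What the list does in transit: tag the subject, append a footer, munge From:
    return {"from": "Alice via example-list <list@lists.example.org>",
            "reply-to": msg["from"],  # assumption: author address kept in Reply-To
            "subject": TAG + msg["subject"],
            "body": msg["body"] + FOOTER}

def revert(msg: dict, tag: str = TAG, footer: bytes = FOOTER) -> dict:
    out = dict(msg)
    out["subject"] = out["subject"].replace(tag, "", 1)
    if out["body"].endswith(footer):
        out["body"] = out["body"][:-len(footer)]
    out["from"] = out.pop("reply-to", out["from"])
    return out

def deliver(received: dict, author_signed: tuple) -> dict:
    # Store the reverted form only if it reproduces the signed input; a real MDA
    # would verify the DKIM-Signature b= cryptographically at this point instead.
    candidate = revert(received)
    return candidate if signed_input(candidate) == author_signed else received
```

If anything other than the known tag and footer changed in transit, the comparison fails and the message is stored with the list's rewritten From: left in place.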