On 12/6/20 5:40 AM, Alessandro Vesely wrote:
On Sun 06/Dec/2020 02:34:45 +0100 Michael Thomas wrote:
5) The work you and Alessandro have done with reverse transformation
is more likely to produce a solution for the mailing lists. The
lists will continue to do From rewrite, but reverse-transform
recipients can validate the true source of the message and restore
the From if desired.
I'm starting to get a little more serious about my quip that the MLM
can insert a sed script in a header to unmangle the message since it
knows what transforms it has done, unlike the receiving MTA trying to
guess the common transformations.
But then the receiving MTA will have to guess whether the sed script
considerably alters the intended meaning of the message. For example,
does it change a bank account number?
This actually highlights why my observation is correct. If the
intermediary showed how to reverse their changes perfectly to be able to
validate the original signature, it says nothing about whether those
changes to be delivered to the recipient are acceptable to the
originating domain. for the case of a bank sending me sensitive mail,
the answer is that it is never ok. for somebody working on internet
standards working on ietf lists, the answer is that it is fine. hence
trying to get two states of the one "reject" is insufficient.
Mike
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
