> On 4 Jan 2021, at 11:50, Alessandro Vesely <[email protected]> wrote:
>
>> Let's define "legitimate mail" as used in my proposed text to mean "delivery
>> is desired by the intended recipient and the message contains nothing that
>> threatens the interest of the user, the interest of the user's network, or
>> the policies of the user's organization." Perhaps this is too
>> restrictive, because it excludes advertising which is harmless in its
>> intent but unwanted by the recipient.
>
> Having advertisements come /From: advertiser/ is a goal.

Yes.

[snip]

>> Email evaluation products need to handle all possible scenarios. This
>> includes
>> - forwarded and not forwarded
>> - with and without SMTP rewrite
>> - with and without modification.
>> - with and without From rewrite
>> - with and without ARC sets
>> - whether the email header chain is accurately documented or fraudulently
>> fabricated.
>
> Girl Scout troops will inevitably fall in the not forwarded category. ESP
> messages, instead, should come /From: ESP/.

This is incompatible with the above goal of having advertisements come from the advertiser.

I find it highly problematic that we’re teaching recipients that they get official mail from companies that come from an address that is not connected to the company at all. It further devalues the 5322.from and means that recipients cannot trust the domains that they see there. This is even more true when the domain is one they’ve never heard of and passes all of the checks and comes in with a ‘verified by DMARC.’

There is absolutely nothing stopping a phisher from taking advantage of this. In fact, phishers currently do send DMARC verified email where the domain in the 5322.from is unrelated to the links in the message or to the domain being phished.

This seems to me to be a step along the path of making DMARC irrelevant by teaching recipients that mail with a 5322.from address they don’t recognize is legitimate email.

laura

--
Having an Email Crisis? We can help! 800 823-9674

Laura Atkins
Word to the Wise
[email protected]
(650) 437-0741

Email Delivery Blog: https://wordtothewise.com/blog

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
