On Fri 08/Oct/2021 17:41:58 +0200 Scott Kitterman wrote:
On Friday, October 8, 2021 7:59:39 AM EDT Alessandro Vesely wrote:
>>> Any mechanism that rewrites the address alone gives a wrong idea of the
>>> contact point and thus possibly "hijacks" communication attempts. The
>>> present proposal is especially egregious in that is does so without any
>>> hint to the reader. […]
>>
>> The "via IETF" or similar wording /is/ a hint. It is both a hint to the
>> user and a disambiguator for automated address books. This too should
>> be mentioned in the draft.
>
> The draft should be much clarified: I had understood it would use the
> name alone by default, with some configuration possible for subscribed
> users (N.B.: not every list is subscriber-only).
>
> Still, you're only answering the *easy half* of my paragraph: the hard
> part is the author's real contact address no more being accessible (with
> "traditional" munging, you can at least try and guess it; with this
> draft, you can't even).
The Author: header field seems to fit this need. IMHO, it is the author's
domain DKIM filter which should take the burden to duplicate the content of
From: into that new field. RFC 9057 allows MLMs to do that as well. The
semantic may differ accordingly, so perhaps the author's domain should sign
Author: in order to make it clear.
The desktop MUA I use already has "Reply to Author". Unsurprisingly it uses
From as the identity to use as "Author".
I imagine it is going to stay that way for several years. Perhaps it's quicker
to unmunge on delivery.
It's not clear to me which you mean by author's domain? Are you suggesting
that the email originator include both Author and From
Yes.
and DKIM sign Author instead of From?
No, they should sign both.
For one thing, if the author's domain sign Author:, they should deserve a copy
of DMARC report even if From: was rewritten (especially if the receiver tried
to unmunge.)
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
