On October 8, 2021 4:01:30 PM UTC, Alessandro Vesely <ves...@tana.it> wrote: >On Fri 08/Oct/2021 17:41:58 +0200 Scott Kitterman wrote: >> On Friday, October 8, 2021 7:59:39 AM EDT Alessandro Vesely wrote: >>> >>> Any mechanism that rewrites the address alone gives a wrong idea of the >>> >>> contact point and thus possibly "hijacks" communication attempts. The >>> >>> present proposal is especially egregious in that is does so without any >>> >>> hint to the reader. […] >>> >> >>> >> The "via IETF" or similar wording /is/ a hint. It is both a hint to the >>> >> user and a disambiguator for automated address books. This too should >>> >> be mentioned in the draft. >>> > >>> > The draft should be much clarified: I had understood it would use the >>> > name alone by default, with some configuration possible for subscribed >>> > users (N.B.: not every list is subscriber-only). >>> > >>> > Still, you're only answering the *easy half* of my paragraph: the hard >>> > part is the author's real contact address no more being accessible (with >>> > "traditional" munging, you can at least try and guess it; with this >>> > draft, you can't even). >>> >>> The Author: header field seems to fit this need. IMHO, it is the author's >>> domain DKIM filter which should take the burden to duplicate the content of >>> From: into that new field. RFC 9057 allows MLMs to do that as well. The >>> semantic may differ accordingly, so perhaps the author's domain should sign >>> Author: in order to make it clear. >> >> The desktop MUA I use already has "Reply to Author". Unsurprisingly it uses >> From as the identity to use as "Author". > > >I imagine it is going to stay that way for several years. Perhaps it's >quicker >to unmunge on delivery. > > >> It's not clear to me which you mean by author's domain? Are you suggesting >> that the email originator include both Author and From > > >Yes. > > >> and DKIM sign Author instead of From? > > >No, they should sign both. > >For one thing, if the author's domain sign Author:, they should deserve a copy >of DMARC report even if From: was rewritten (especially if the receiver tried >to unmunge.)
So originator includes From and Author and signs both. Then the mediator (e.g. MLM) minges From and signs again. Receiver checks DMARC and it passes. Then receiver sends feedback to both Author and From domains? Is that right? Scott K _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
