Moving this back to the main list: I said: Even if I agreed that it would be a good idea for every mailing list in the world to rewrite From lines so it's harder to tell who the messages are from and you can't reply reliably, there's no way that would survive last call. Remember that a few large mail providers abused DMARC to outsource the cost of leaking their user address books to crooks, and screwed up every mailing list in the world as a side effect. Blaming the victim is not the answer. Unfortunately, there is no good answer.
Scott said: Agreed. On my phone I use an MUA which will display either the friendly name or the address, not both. I routinely get messages that I can't tell who they are from without reading the raw header if someone forgets to put their name at the end of the mail because I no longer get their address in the normal display thanks to rewriting. I think, as was discussed at the meeting, what types of domains DMARC is suitable for needs to have some kind of MUST or MUST NOT depending on how it's worded then with some non-normative words in an appendix which discuss options for damage containment when the MUST is ignored. On Sun, 7 Aug 2022, Alessandro Vesely wrote:
Saying that domains with human users MUST NOT use DMARC is not a solution either. The wording has to express the explanation Pete gave at the meeting, which sounds very close to RFC 6919. Letting the victim die is not the solution either. Among the solutions that MLMs adopt, some allow to undo From: rewriting at the MDA level. ARC doesn't preclude From munging. ARC verifiers can restore the original From: at rMDA level too. Actually, small receivers can simply trust selected, DMARC-aligned mailing lists and restore the original From: in the cases where MLM saved it (w/o ARC). This kind of hack could be set up really quick.
Please please can we stop doing this. Trying to unmunge rewritten From: headers is totally out of scope for this group, and even if it weren't it does not scale and has terrible security problems. (If good guys can put in real rewrites, bad guys can put in fake rewrites, and if a recipient can tell whose rewrites are good enough to unmunge, it can equally well ignore whatever problem the rewrite was supposed to fix.)
I will try and write something similar to what Scott suggests, describing the problems without making us look foolish, and mentioning that there are workarounds if you insist on sending p=reject messages on paths that DMARC cannot describe.
R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
