It appears that Alessandro Vesely <[email protected]> said: >> If you trust the mailing list signature, doesn't that also mean you trust >> the list to behave "well"? If that's true, then why do you need Author? > >I trust the list to not allow attacks featuring spoofed Author:. (Spoofed >From: are possible but infrequent.) It is safer if Author: is set by the >author's MSA.
Hi, bot spammer here. My MSA is really good at putting other people's addresses anywhere I tell it to. You want a fake From and fake Author? No problem. To reiterate a point I think I've made three times now, the reason we have ARC rather than something simpler is exactly because spoofed mail leaks through lists and causes filtering problems. Since Author would be a copy of some version of From, it's hard to imagine how spoofed Author would be less of an issue. Perhaps since we have seen no support at all for this Author hack or other >From demunging, we could stop now and work on DMARC. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
