As with the mailing list problem, when the recipient expects authentication but the sender cannot provide it, the sender is disadvantaged.
Nor an I concerned about the limitations of a particular MSA product. However, we know that mailing list posts almost always start as authorized messages, so ARC is able to communicate that prior state. With dual from, there is no reason to conclude that the MSA reliably knows that the message was authorized by all authors, so there is no reason for the evaluators to impute that trust. Doug On Wed, Jan 17, 2024, 6:14 PM Murray S. Kucherawy <[email protected]> wrote: > On Wed, Jan 17, 2024 at 2:56 AM Alessandro Vesely <[email protected]> wrote: > >> Since email format allows multi-valued From:, its meaning is >> straightforward. >> > > Syntax, yes, but meaning? That seems debatable. Does the order of values > matter, for example? > > As John says, it can also be the result of some kind of mistake. Yet, >> presuming that a properly formatted input is correct is not such an >> elaborate >> conjecture to put the output in jeopardy. >> > > I know what "properly formatted" means in this context, but not what > "correct" means. > > >> > As I recall, with milter in particular, the MTA will add a missing Date >> > field, which the filter never actually sees and thus cannot sign. The >> > filter only sees the message exactly as it was presented to the MTA. >> As a >> > result, if the message is signed, Date is not, and any verifier that >> thinks >> > it ought to be will consider the signature invalid. >> >> That can well be considered a flaw of the Milter architecture. To wit, I >> named >> my filter "zdkimfilter" because Courier applies filters in lexicographic >> order, >> whereby each filter can see any changes applied by the previous ones, as >> in a >> pipeline. >> > > In milter, filters later in the configured sequence can see changes made > by those earlier. But as I recall, none of them see a Date field added by > the MTA after the milter sequence has completed, nor any other header > changes made by the MTA. > > >> If the MSA handled DKIM natively, you wouldn't have to insert a filter to >> do it. >> > > Well, sure, but that wasn't the point. > > However, since DMARC bears the blame of banning multi-valued From:, it is >> appropriate for it to say something about the consequences and possible >> workarounds. > > > I didn't know DMARC had banned multi-valued From. It simply says we > largely punt on how to evaluate it since it's sufficiently rare that it's > not worth teasing out meaning. It doesn't render the message generally > invalid. > > -MSK, participating > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
