On Mon 14/Nov/2022 01:26:29 +0100 Scott Kitterman wrote:
Because of DKIM’s broad deployment, compatibility with existing
deployments will be a critical factor, and it is unlikely that proposals
that lack compatibility will proceed to publication.
Is compatibility with DKIM sufficient for the charter or should there be
broader language about compatibility with existing email architecture? I'm
inclined to say "Yes", but I'm unsure about wording.
What most approaches seem to imply is that a message which passes DMARC is
acceptable when the recipient can be derived from one of the mailboxes in the
To: and Cc: header fields —let's call *blindfolded messages* those which miss
this feature. Email arch only authorizes to read To: and Cc: fields on
sending, along with non-copied Bcc:, in order to derive the RCPT part of the
envelope.
The solution we seek would imply to reject or quarantine non-whitelisted
blindfolded messages, even if they pass DMARC. This can be thought of as a
further tightening of policies. It would disrupt email architecture in a way
similar to what DMARC itself does. Indeed, DMARC charter does say that it is
problematic for email architecture at large. We should say the same here.
Best
Ale
--
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
