On Fri 09/Dec/2022 16:47:47 +0100 Grant Taylor wrote:
On 12/8/22 5:17 AM, Alessandro Vesely wrote:
Those who do so are neatly classified as spammers.
On one hand I agree. But on the other hand I disagree.
One benign case is that [email protected] is configured to forward to
[email protected] so that Alice A. can perform her function. Time goes by,
Alice A. takes a job elsewhere. Some time later, Alice B. starts and
decides to re-use [email protected]. All the while nobody cleaned up
[email protected] which is still forwarding to [email protected].
Alice B. is in accounting and has nothing to do with and knew nothing about
the [email protected] forward until she started receiving complaints
that she couldn't help with.
A slightly less benign case was years ago when I was dealing with an AOL
sender and AOL had no interest in doing anything to stop the sender. So I
configured a forwarder to take messages from the sender, add them as an
attachment to a message that cited the AOL internal case number to AOL's
postmaster. AOL's postmaster had no hand in requesting the forward.
I consider both to be legitimate, non-spam, forms of forwarding in which
the recipient had no hand in the forward being put in place and likely
couldn't easily change it if they wanted to.
The second case, forwarding to postmaster, looks perfectly legal. It's not
transparent forwarding. A wrapped message is a 1st class message, with a
new Message-Id: and a new From:.
The leftover case is difficult. It needs attention to be diagnosed and
repaired. If it had a related whitelisting, it would also have to be
teared down.
In addition, note that forwarded messages usually have a single recipient.
"usually" being the operative word.
Remember, original incarnation of mailing lists started as multi-recipient
forwards / expansions at the MTA level. Long before Mailing List Managers
came into their own more proper existence.
Some Mailman configuration send with non-VERP bounce addresses. Any way,
single recipient is just a simplification.
Aside: I'll maintain that we are still suffering from such multi-recipient
expansion legacy today as many still do not treat the mailing list manager
as it's own proper first class email recipient and originator and instead
still consider it to be a bump in the path.
Well, I liked better when From: wasn't munged.
This makes it reasonable to set up per-recipient whitelists.
Please elaborate on what "per-recipient whitelists" means in this context.
Typical whitelist entries are set by the postmaster after careful
evaluation. Now, consider subscribing to a mailing list which does not
munge From: (possibly as an option). You need to whitelist the list
domain, otherwise messages could be rejected after DMARC POLICY. What if
you're not the postmaster?
A mail site enabling per-recipient whitelisting would allow any user
(recipient) to maintain her own whitelist. I'd imagine that as a web form,
where an authenticated user can fill the d= domain(s) to be whitelisted,
not site-wide, but only for messages destined to her, under her
responsibility. I'd figure that she would fill the form for list.example
along with her subscribing to the list. If she subscribed as, say,
[email protected], she'd need to fill her alias as well.
The same can work for a single dot-forward.
I think that would be safer than blindly trusting ARC.
Best
Ale
--
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
