Yes! What you're saying about From header rewriting being necessary even in an ARC world, as well as what Jonathan says (in your link) about needing to swallow the bitter pill in regards to rewriting, is what I'm trying to convey.
BOD 18-01 put the line in the sand that 100% adoption of p=reject for .gov is the goal, even if the people who designed DMARC didn't anticipate mailbox hosters would be able to get there. EDUs and enterprises are starting to follow suit. Jesse From: Alessandro Vesely Sent: Saturday, March 16, 12:50 PM Subject: Re: [mailop] Mailing list with From header munging... and Outlook To: Brandon Long, Jesse Thompson Cc: mailop@mailop.org On Fri 15/Mar/2019 23:46:13 +0100 Brandon Long via mailop wrote: > On Fri, Mar 15, 2019 at 2:54 PM Jesse Thompson via mailop wrote: >> >> As it stands now, these "conditional" issues are cropping up as unforeseen >> or "poorly planned by IT". >>>> Conditional rewriting seems to give a signal that 100% DMARC adoption by >> all domain is not the intended goal.> > > From header rewriting for mailing lists is not without its draw backs, nor > was it assumed at the start that DMARC was going to apply widely or have > 100% adoption. I'm still not sure if 100% adoption is the goal.> > Also, we're working to mitigate the issue with mailing lists using ARC, > though the path from here to there isn't completely clear. I'd say its less > clear for mailing lists which start doing header rewriting, as at some point > they'll have to determine whether or not its ok to stop rewriting, if ARC > adoption is widespread enough... but those who jump straight to ARC, > especially if they really really hate the rewriting, might maintain the > status quo and be better off. The issue with ARC is that it means nothing to small servers which don't track domain reputation. They can easily add ARC stuff on forwarding, but won't be able to evaluate incoming chains which may be spoofed. Hence, small servers will have to lean on From: rewriting to honor DMARC. Let me note that SPF and DKIM had the same "defect" of being meaningless without assessments based on reputation tracking. Wasn't that the reason why DMARC was contrived? > Its a matter of what pain is best. No perfect solutions. p=reject; pct=0;[*] [*] http://lists.dmarc.org/pipermail/dmarc-discuss/2018-October/004183.html (and the following thread) Best Ale --
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop