Since we seem close to agreement on the tree walk text, and and it
uses the psd tag, can we ask IANA to add psd=u/n/y to the registry, please?
R's,
John
___
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
It appears that Alessandro Vesely said:
>> If you trust the mailing list signature, doesn't that also mean you trust
>> the list to behave "well"? If that's true, then why do you need Author?
>
>I trust the list to not allow attacks featuring spoofed Author:. (Spoofed
>From: are possible but
On Fri, Aug 12, 2022 at 12:28 PM John R Levine wrote:
> On Fri, 12 Aug 2022, Alessandro Vesely wrote:
> >> When Dave proposed the Author header, part of the idea was that DMARC
> could
> >> use it rather than From.
> >
> > IIRC that was the Sender: field.
>
> No, DMARC decided not to use Sender
On Fri, 12 Aug 2022, Alessandro Vesely wrote:
When Dave proposed the Author header, part of the idea was that DMARC could
use it rather than From.
IIRC that was the Sender: field.
No, DMARC decided not to use Sender back when DMARC was new. Dave
suggested using Author to work around the
The Source-Port field is non-standard so I'd take it out.
Defined by RFC 6692.
So it is. ARF is such a mess.
I'd change text/rfc822-headers to message/rfc822 and add ther a message
body or something like [ Message body was here ]
Why? I chose a body-less example as it looks more
On Thu 11/Aug/2022 18:26:38 +0200 Murray S. Kucherawy wrote:
A domain owner can know, for instance, that it only sends transactional
messages that have no purpose to ever go to a mailing list. Such an operator
can safely set "p=reject" because the risk of the collateral damage about which
On Thu 11/Aug/2022 19:47:17 +0200 John R Levine wrote:
On Thu, 11 Aug 2022, Murray S. Kucherawy wrote:
It only works if all or most lists add Author (none do today, and it would
take a long time to get this rolled out if they started), and no other
software co-opts and mutates it for whatever
On Fri 12/Aug/2022 08:46:45 +0200 Murray S. Kucherawy wrote:
On Thu, Aug 11, 2022 at 3:16 AM Alessandro Vesely wrote:
That's the /complicated/ de-munging strategy. The much simpler approach I
described upthread would work 100% of cases for lists that add the Author:
field. It is a little
On Thu 11/Aug/2022 21:06:31 +0200 John R Levine wrote:
On Thu, 11 Aug 2022, Alessandro Vesely wrote:
I added an example, see
https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-failure-reporting/blob/main/draft-ietf-dmarc-failure-reporting-04.txt#L528
I just picked a report I received and
On Thu, Aug 11, 2022 at 3:16 AM Alessandro Vesely wrote:
> That's the /complicated/ de-munging strategy. The much simpler approach I
> described upthread would work 100% of cases for lists that add the Author:
> field. It is a little less secure, as you need to trust the mailing list
>
10 matches
Mail list logo
