Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-12-06 Thread Alessandro Vesely
On Mon 05/Dec/2022 23:49:11 +0100 Scott Kitterman wrote: To the extent this is worth thinking about at all, I think it can be left to local policy. If I were implementing this and was worried about it, I'd check DMARC for all the froms in the field and pick the most restrictive policy.

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-12-05 Thread Scott Kitterman
To the extent this is worth thinking about at all, I think it can be left to local policy. If I were implementing this and was worried about it, I'd check DMARC for all the froms in the field and pick the most restrictive policy. If we need to say anything at all (and I don't think we do), it

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-12-05 Thread Douglas Foster
Here is an attempt at language which explains why multiple-from messages are excluded from DMARC processing: "RFC 5322 allows the From header to include a list of address terms. This format is uncommon and some mail systems are known to reject such messages. The source mail system is unlikely

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-25 Thread Alessandro Vesely
On Thu 24/Nov/2022 22:57:51 +0100 Dotzero wrote: On Thu, Nov 24, 2022 at 2:22 PM Neil Anuskiewicz wrote: On Nov 24, 2022, at 7:10 AM, Dotzero wrote: On Tue, Nov 15, 2022 at 12:29 PM Douglas Foster wrote: Your solution is straightforward, but I am not sold. DMARC PASS means that the

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-24 Thread Dotzero
On Thu, Nov 24, 2022 at 6:12 PM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote: > I have been tracking the discussion pretty closely for about three years, > and I have no recollection of any discussion which established that From is > different from Author. On the contrary, we

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-24 Thread Douglas Foster
I have been tracking the discussion pretty closely for about three years, and I have no recollection of any discussion which established that From is different from Author. On the contrary, we have said that From indicates the person whose ideas are being presented, which is why authorship is

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-24 Thread Dotzero
On Thu, Nov 24, 2022 at 2:22 PM Neil Anuskiewicz wrote: > > > On Nov 24, 2022, at 7:10 AM, Dotzero wrote: > > > > > On Tue, Nov 15, 2022 at 12:29 PM Douglas Foster < > dougfoster.emailstanda...@gmail.com> wrote: > >> Your solution is straightforward, but I am not sold. >> >> DMARC PASS means

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-24 Thread Neil Anuskiewicz
On Nov 24, 2022, at 7:10 AM, Dotzero wrote: On Tue, Nov 15, 2022 at 12:29 PM Douglas Foster wrote: Your solution is straightforward, but I am not sold. DMARC PASS means that the message is free of author impersonation. This can only be true if all authors are

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-24 Thread Dotzero
On Tue, Nov 15, 2022 at 12:29 PM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote: > Your solution is straightforward, but I am not sold. > > DMARC PASS means that the message is free of author impersonation. This > can only be true if all authors are verifiable and verified. > This

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-24 Thread Alessandro Vesely
On Tue 15/Nov/2022 11:59:42 +0100 John Levine wrote: It appears that Alessandro Vesely said: They still do: 550-5.7.1 [62.94.243.226] Messages with multiple addresses in From: header are 550 5.7.1 not accepted. ht21-20020a170907609500b0078e1e77f443si1407469ejc.418 - gsmtp The

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-16 Thread Alessandro Vesely
On Tue 15/Nov/2022 18:29:33 +0100 Douglas Foster wrote: Your solution is straightforward, but I am not sold. DMARC PASS means that the message is free of author impersonation.  This can only be true if all authors are verifiable and verified. That's not the semantic of multi-author. I'm

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-15 Thread Alessandro Vesely
On Tue 15/Nov/2022 17:32:50 +0100 John R Levine wrote: On Tue, 15 Nov 2022, Alessandro Vesely wrote: No.  We can see that either you violate standards by blocking à la Gmail, or you're open to attack schemes based on exempting messages from DMARC evaluation.  I'd call that broken. Can you

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-15 Thread Murray S. Kucherawy
On Tue, Nov 15, 2022 at 2:22 PM Tobias Herkula wrote: > Why not state that, if there are multiple mailboxes mentioned inside the > “From”-Header that DMARC should then use the “Sender”-Header? And if that > does not exist it’s a FAIL > Does that mean I can put anything I want in From,

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-15 Thread Douglas Foster
Option 1: Change spec to require DMARC evaluation on all From domains. Will an individual who is constructing a multi-from message be able to ensure that the message passes DMARC on all of the names? Not likely. So multi-from depends on non-verification and is therefore out of scope.

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-15 Thread Alessandro Vesely
On Tue 15/Nov/2022 11:59:42 +0100 John Levine wrote: It appears that Alessandro Vesely said: They still do: 550-5.7.1 [62.94.243.226] Messages with multiple addresses in From: header are 550 5.7.1 not accepted. ht21-20020a170907609500b0078e1e77f443si1407469ejc.418 - gsmtp The

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-15 Thread John Levine
It appears that Alessandro Vesely said: >They still do: > > 550-5.7.1 [62.94.243.226] Messages with multiple addresses in From: > header are > 550 5.7.1 not accepted. > ht21-20020a170907609500b0078e1e77f443si1407469ejc.418 - gsmtp > >The question is whether they do so because of what

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-11 Thread Alessandro Vesely
On Fri 11/Nov/2022 03:11:39 +0100 Douglas Foster wrote: Gmail has been blocking dual-from messages for years, so the practice has effectively been deprecated by the one player who is able to make these decisions unilaterally and make them stick. They still do: 550-5.7.1 [62.94.243.226]

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-10 Thread Douglas Foster
For all the reasons you have observed, PERMERROR is the optimal result. This makes it clear that this is a special case which requires special handling. As for the concept, I disagree about it being a useful feature. Any configuration that does not occur at least once in every 100 million

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-10 Thread Alessandro Vesely
On Thu 10/Nov/2022 18:21:55 +0100 Alessandro Vesely wrote: On Thu 10/Nov/2022 18:00:41 +0100 John Levine wrote: Does it mean that it is enough to add a second mailbox in order to have the failure of the relevant DKIM signature become unmeaningful and accept with dmarc=none? No, of course

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-10 Thread Alessandro Vesely
On Thu 10/Nov/2022 18:00:41 +0100 John Levine wrote: Does it mean that it is enough to add a second mailbox in order to have the failure of the relevant DKIM signature become unmeaningful and accept with dmarc=none? No, of course not. But then, what should a mail filter do when it meets

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-10 Thread Murray S. Kucherawy
On Thu, Nov 10, 2022 at 4:43 PM Alessandro Vesely wrote: > On Thu 10/Nov/2022 17:14:32 +0100 John R Levine wrote: > >> It says: > >> > >>Multi-valued RFC5322.From header fields with multiple domains > >>MUST be exempt from DMARC checking. > >> > >> Does it mean that it is enough to add a

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-10 Thread Alessandro Vesely
On Thu 10/Nov/2022 17:14:32 +0100 John R Levine wrote: It says:    Multi-valued RFC5322.From header fields with multiple domains    MUST be exempt from DMARC checking. Does it mean that it is enough to add a second mailbox in order to have the failure of the relevant DKIM signature become

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-10 Thread Alessandro Vesely
On Thu 10/Nov/2022 16:51:41 +0100 John R Levine wrote: We have never agreed what to do about From: header fields that have more than one address.  My inclination is to say DMARC doesn't apply since they are so rare and there is poor agreement about what they mean, particularly if the addresses

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-10 Thread Alessandro Vesely
On Thu 10/Nov/2022 12:52:33 +0100 John Levine wrote: It appears that Alessandro Vesely said: A highlighted paragraph is the following: A message without a single, properly formed RFC5322.From header field does not comply with [RFC5322], and handling such a message is outside of

Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

2022-11-10 Thread John Levine
It appears that Alessandro Vesely said: >A highlighted paragraph is the following: > > A message without a single, properly formed RFC5322.From header field > does not comply with [RFC5322], and handling such a message is outside > of the scope of this specification. > >Where