On Sun 14/Oct/2018 16:29:15 +0200 Al Iverson via dmarc-discuss wrote:
>>
>>> Rewriting the from address to something that fails -- and thus is
>>> potentially going to fail delivery at any ISP that checks to see if
>>> the from address is valid -- seems crappy to me.
>>
>> Sorry, I don't understand what point you're making here. Where do you
>> see something that fails?
>
> OK, you own a dot fail domain, get it. Ha ha, you got me. Don't blame
> me for thinking an invalid-looking domain was invalid. Keep in mind
> that in one of our prior arguments over header rewriting, you did
> actually suggest changing the domain to .domain.INVALID.

I'd favor domain.INVALID. Its only defect originates from a dubious reject-on-nxdomain advocacy, which would require using domains with wildcard records (e.g. domain.REMOVE.DMARC.TRAILING.PARTS).

> I'd still say it's gauche, ultimately pushing the mail reply somewhere
> other than to the mailing list or to the owner. If you've addressed
> that, too, great, but it doesn't feel easy or scalable.

I agree it doesn't sound safe. Even if it's only a few days, it looks amenable to attacks. On the other hand, those who used those addresses successfully are out for crude surprises. Not to talk about intricacies and bugs.

So I don't think John's solution is a good candidate for standardization. Yet, if a WG would standardize it, it would certainly be better than the current limbo.

The best path, IMHO, would be to accept that list messages are sent from the list, since lists add their mark to the content. I'm not a MUA author, but I'd guess that some clarification about after-DMARC header field semantics would help in getting better interfaces.

The end goal of DMARC is to provide authenticated email. SPF and ADSP tried before it, suffering from the yes-but-not-really syndrome which relegated them to a (historic) hall of not enforced policies. Thanks to (oh gosh) AOL and Yahoo security breaches, DMARC was pushed forward a little bit harder. Maybe it could have been designed better, so as to allow the never-fully-specified mailing list etiquette to survive. Anyway, it is the best email authentication tool we have today. After 20 years of spam, it's perhaps time to accept it as a security retrofit for email.

Best
Ale