>The opportunity for this WG would appear to be to spell out sensible >practices for use in the two situations, and perhaps to spell out the >trade-offs for deciding between the two, assuming that we are able to do >so without devolving into further equine abuse. I'd suggest that >specifying a List-Poster: header for use in the rewrite case is an >appropriate example of the former.
While I realize that the enormous market power of the DMARC group has given mailing lists no choice but to use various workarounds, I don't think you'll find any consensus in this WG that From: rewriting or anything similar is a fait accompli. I also haven't seen anyone seriously address the concern that List-Poster: and its ilk are a short term workaround with the long term effect of training users to be phished, even more than they are already. I would much rather look at technical approaches that allow mailing lists and other forwarding agents to continue operating as they have for the past 30 years, in as secure a way as possible, without inventing new giant holes for the use of the criminals that DMARC is supposed to deter. That's what my two-level DMARC forwarding signature proposal is supposed to do. I don't claim it's perfect, but I think it's within tweaking distance of being workable. I'm not wedded to it, there are other approaches that might work, too. It also has the advantage that the implementation effort is primarily by large users of DMARC, who I would expect are aware of this WG and might actually do it, rather than makers of MUAs, who aren't, and won't. R's, John _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
