On Sep 27, 2014, at 1:15 AM, Stephen J. Turnbull <step...@xemacs.org> wrote:
> Douglas Otis writes: > >> X-Original-From is not standard and is misleading. > > Aside from BCP 178, I don't see what is unclear about it. It quite > obviously indicates the originator's From field has been altered, and > the [X-]Original-From field contains what the originator put in the > From field. Later alterations would leave [X-]Original-From alone, I > suppose, unless they actually want to claim authorship, in which case > they would delete. > > If you want a history in the case of not claiming authorship, use a > References-like mechanism and call the field "From-History". But that > seems pointless to me. Dear Stephen, Thank you for your thoughtful response, however there are a few problematic points. Use of DMARC on non-transactional email, without acceptable alternatives to ensure delivery, requires the From originator field definition to represent that of a third-party without clarity where or when this occurred, which might happen more than once within a delivery path. With From now muddled, From-History, Original-From, Resent-From or any term suggesting a version of a From field carried forward can not offer role clarity. >> For example, instead of X-Original-From: this could be Submitter: > > I thought we already had Submitter semantics, but in RFC 5322 the > field is spelled "Sender". In any case, that confusion seems far more > problematic to me than any that could arise from Original-From. True, but DMARC specifically does not use Sender. It only uses From with the intent of Sender being ignored. Nor does Original-From shed any light on this header-field's role once From has been muddled. >> Rather than defining this header field per RFC4405, > > Now you're seriously confusing me. RFC 4405 is an SMTP extension and > defines no header fields at all. The concept of "responsible > submitter" defined there does not correspond accurately to an RFC 5322 > originator field (specifically in the case where RFC4405.SUBMITTER is > not the RFC5322.Sender, and does not wish to represent itself as > author of the message). Should have said please completely ignore RFC4405. Call the header field Originator or On-Behalf-Of, if you don't like Submitter or you find it too confusing. The basic point is there should not be a rote carrying forward of a potentially muddled From header field into a newly defined header field attempting to preserve originator roles played by its contained identifiers. DMARC does not use this new field, so it can safely carry forward this critical role. In other words, carry forward the Originator header if present rather than a now questionable From. >> Defining a Submitter header field would give mailing lists, and >> invoice and notification vendors a clear and concise indication >> what change is needed. > > No change is needed. This is useless to indirect mailers until MUAs > display it. Scott assures us they never will, and because of lags in > adoption by MUA maintainers and then further lags in upgrading by > users, I would expect a large minority of users to be unable to see > this field after a decade even if his prediction is falsified. Unfortunately DMARC when not restricted to transactional messaging, requires some kind of change, but X-Original-From represents a poorly considered choice. You really mean From has become useless for indirect mailers. Sender does not handle what might be contained within the From header field nor is this header field always seen. Originator can act as a safer alternative where Sender is unable to convey the appropriate role anyway. >> A means to informally federate third-party domains might also be >> effective at defending this new header if needed. > > If we had "federation" we'd just "defend" the From field. Agreed. For any large ISP interested, we would be happy to setup the needed infrastructure for them to make this happen. Alas, these large vendor's dominance can force change on others who will suffer through the transition rather than on those instigating the change. The justification might be market dominance makes right. :^( For OS X Mail, Choose Mail > Preferences, click Viewing, then choose All from the “Show header detail” pop-up menu. To customize header details, choose Custom from the pop-up menu, click Add (+), enter the field name, then click OK. For Outlook, iOS Mail or others there are fewer options without changing email clients. It seems this will make someone some money. Some clients can only show all headers which would be unfriendly for those wanting to know who authored the message after circumnavigating all the DMARC foo aimed at keeping them safe with their high value transactional messages. Regards, Douglas Otis _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
