On 4/8/15 2:14 PM, Murray S. Kucherawy wrote:
> The existing "relaxed" canonicalizations spell out a bunch of things you do
> to the content before you compute the hashes. That's all these do as
> well. It's more involved, to be sure, but in the end you're just trying to
> figure out if the "d=" domain took responsibility for the content.

Dear Murray,
You seem to presume DKIM redefinition is able to override DMARC's assumption-based policies. DMARC makes questionable assumptions about From header fields playing the role of Sender. This assumption is especially unlikely when there is a different signed Sender header field, which undermines any assertion of figuring out whether the "d=" domain took responsibility for the content.

DMARC was promoted by bulk senders who continue to ignore broadband providers' (ab)use of DMARC, which now affects millions who must routinely examine their spam folder for errant message placement. DMARC also continues a mistake made by DKIM: that non-negotiated message structure is somehow assuredly validated by a store-and-forward transport. This mistake is still leveraged in phishing attacks, perhaps even fine-tuned with the use of DMARC feedback, since botnets have automated DMARC deployment.

DMARC does indeed discourage phishing abuse of transactional messages. When (ab)used elsewhere, it exposes mailing-list member privacy without those so exposed ever sending a single message. Malefactors can subscribe to mailing-lists and subsequently toggle their DMARC assertions. DMARC feedback given to these malefactors allows gleaning of otherwise private subscription information. While not all feedback is returned, malefactors can easily differentiate local policy results based on DMARC count offsets, offering malefactors far better insight into their proficiencies.

The sheer might of broadband providers undermines the Author role of the From header field when it is incorrectly assumed to also play the role of Sender. The only sure escape for non-transactional services is to abandon the From header field's assured role of Author and to seek header fields so defined but not (ab)used by transactional services. Rather than using a complex encapsulation scheme not needed when the mailing-list is well managed, defining a different header field should offer a less complex and more immediate solution without broadband provider cooperation.
DMARC with DKIM does not determine whether a domain took responsibility. DMARC with DKIM forces an errant role of Sender on the From header field while deprecating the role of Author.

Regards,
Douglas Otis

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc