J. Gomez writes: > > What else do you propose that we do? > > Well, if you ask... Mediators could take ownership of the > Header-From whenever their involvement results in the Originator's > DKIM signature being invalidated.
The From header field is not in the public domain, and not available for appropriation. "Taking ownership" of something that isn't yours is properly called "theft", and as I understand it is it forbidden by all of the mail header RFCs since 733, which assign that field to the originator, and no role in editing it to other participants in the mail system. The fact that Message-ID changes not only are not performed, but actually cause annoyance (unfilterable duplicates for subscribing recipients and inability to search archives for non-subscribers) suggests that to recipients as well as to originators and mediators the two messages are the same. Therefore the authors of the original messages remain the authors for the purpose of "From ownership". We (MLMs in general, as exemplified by GNU Mailman) in fact *do* allow this (as a per-list option). Not only does it violate the RFCs according to our interpretation, not only is it ugly and inconvenient, but it even causes some users to identify our posts as spam. This is hardly a desirable change if other changes can be made to improve the situation. > Or some other change to their "entrenched" traditional behavior, > like stop adding subject tags and body footers and being content > with using some List-ID header to identify themselves, etc. My own Internet facing lists don't add any such, although the lists where I can effectively forbid use of DMARC-abusing mailbox providers do. In general, it's not the mediators who care. It's the recipient users, who have a conflict of interest with their mailbox providers, not with the mediators. > Everyone (Originators and Receivers) And Mediators. I don't understand why you refuse to admit that Mediators *must* perform the same functions as Receivers and Originators in order to safely accept and reinject messages. In the case of GNU Mailman, with the help of Franck Martin, we also released (publicly, as part of our normal development cycle) a version including DMARC mitigations 6 months *in advance* of the April Fiasco. I don't understand why you insist on attacking the mediators, when (1) the DMARC Originators who publish p=reject are in conflict with their own users, (2) the DMARC Originators are not only signing their own content, but unilaterally asserting that it is the only content permitted in any version of messages originated in their system, in violation of the expectations of their own users as originators and of mailing list subscribers as recipients, and (3) the particular "p=reject" use case causing issues was pre-deprecated in their own standard. In any case, your "burden-equalization" approach is purely political, and does not respect that fact that the technical opportunities to mitigate the problem are not equally distributed. Mediators have very little power to improve service unless the Originators participate; all we can do is watch the services we are allowed to provide be deprecated. > is changing their email usage patterns/processes in order to take > email to the next level (in reality, just to keep it a viable > communication option in an increasingly hostile Internet > environment), but Mediators seem totally unwilling to change their > email usage patterns/processes. Nonsense, and your insistence on this nonsense is getting very tiresome. The reality is that Mediators *have* changed their patterns and processes *already*, in fact some of the changes anticipated the issues we now are wrestling with. It's not the Mediators who are unwilling to change. It's the *users*. The agents who are blocking the changes needed to satisfy the users' requirements are the DMARC p=reject mailbox providers, in view of (1) and (2) above. Mediators such as mailing lists can adapt, *and already have done so*, but we also advocate our users' interests. Those interests continue to be harmed, to the profit of Yahoo! and AOL, and to the detriment of *everybody else* in the mail system. "Everybody else" includes those DMARC participating domains who respect the SHOULDs and SHOULD NOTs of DMARC! That's because a protocol that brings them benefit is now a dirty word all over the Internet. For example, are you aware that the Japanese government has deprecated use of *all* yahoo.* addresses for official business, despite the fact that only yahoo.com publishes p=reject? > Email is changing. We all have to change to accomodate the fact > that email is changing. Mediators don't seem willing to change at > all. What I see is that email is about to evolve to the next level, > and Mediators are at risk of being left behind if they refuse to > change to accomodate the fact that email is changing. Thank you for your concern. We Mediators can and will take care of our own interests, and ask you to desist with your efforts to help -- they are not helpful because they do not respect our users' requirements. _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
