On 17 Jun 2020, at 13:27, Dave Crocker wrote:
On 6/17/2020 9:56 AM, Pete Resnick wrote:
No, the semantics of From: have not changed generally. It's that some
mailing lists have to change the semantics of From: in the face of
the inability of DMARC to express the semantics that they want.
The two sentences seem to be in conflict. If there is a degree of
practice that creates a different semantic for the field, then its
semantics have changed, at least for the portion of email traffic.
You'll note the word "generally". Most of my email carries the same
semantics it always has in From:. There is a small subset that doesn't.
But (and not to get too philosophical here), even when the semantics
aren't the same, it is often a surprise: I find that something didn't
match my expectations, only to discover that the originator of the email
didn't use the same semantics I was expecting as recipient. That doesn't
necessarily constitute a change in semantics for the email, but a
mismatch: The originator said "sunny" and I thought that meant "without
clouds". Even if I figure out the mismatch, I might not agree to "the
semantics changed"; I might prefer to go with, "The originator made a
mistake." In the present case, some mailing lists are using the same old
semantics and some are using a new set; that doesn't convince me that we
have an interoperable semantics to which we have "changed".
Here's a simple operational test: MUAs typically can aggregate
messages 'from' the same author. After all, that's always been the
primary role of From, to indicate who created the content. Such
aggregation is usually found to be helpful.
Historically -- for 40+ odd years -- this has worked for mail going
through mailing lists. Now it usually doesn't. I'd appreciate an
explanation of how that does not constitute a change in semantics.
Of course, I'd be interested in the "usually" part. It's not true of my
mailstore, but my mailstore is far from average. I do know that even on
the local non-profit board to which I belong (and had no hand in setting
up), the Outlook server uses the semantics to which I am accustomed,
though maybe having a smaller list where most people using their gmail
addresses makes it equally "not average".
Have a folder with a variety of messages from correspondents, where
some of a person's messages are sent directly to you and some of their
messages are sent through mailing lists that adapt the From: field
content in order to avoid DMARC rejection. The MUA will handle mail
from the same person, but that went through these two different paths,
as being from different sources.
I'm sure that happens.
DMARC relies on From: because it is the only field with an identifier
that is always present. Sender is not reliably present, except
virtually. The nature of what DMARC is actually doing looks more
like relying on the operations-related Sender: field than the
author-related From: field.
DMARC has nothing to do with display of author information to a
recipient, and everything to do with differential handling by a
receiving filtering engine. Were the Sender: field always present,
that would be the one that DMARC should have used.
It could have chosen the more complicated, "Sender unless not present,
in which case From". But yes, this bit I get. That said, there are
people who have argued that From: was chosen because Sender: was not
displayed. I think that's a silly argument, but it's one that people
still believe.
So, really, DMARC has altered the semantics of the From: field to be
the Sender: field.
Wait a minute: I think this point needs some clarification. We know that
the pre-DMARC semantics of the From: field are "the entity that authored
the message". Originators were expressing that meaning and recipients
were interpreting that meaning. My understanding of the meaning that
DMARC added was, "The author of this message, as expressed in the From:
field, always has their messages properly signed by the domain in the
From: address." You seem to be saying that, no, what DMARC did was
changed the semantic to be, "The From: field now represents the
transmitter of the message (as used to be expressed in the Sender: field
when present), not the author, and that transmitter always has their
messages properly signed by the domain in the From: address". Do I have
that right? (And I presume that either way, these are de facto
semantics, not intentional ones that are documented anywhere, right?)
The nature of the hack that mailing lists do, when altering the From:
field, makes this clear: They alter information about the operator
handling the message, destroying the original information about
content authorship.
Mailing lists that make other choices (throwing away messages from DMARC
reject senders, denying subscriptions from them, or simply ignoring them
and ending up with bad consequences) have obviously not gone along with
the certain forms of the semantic change.
pr
--
Pete Resnick https://www.episteme.net/
All connections to the world are tenuous at best
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc