On 6/24/2020 8:09 AM, Dotzero wrote:
> Sender: is completely irrelevant to the use of DMARC now.

Actually, I'm claiming it isn't.

Or rather, I'm claiming there is a failure to appreciate that it is
really Sender information that is important, not author information.

The fact that DMARC only has to do with a domain name tells us that this
is about an organizational actor and not a person. My claim is that it
is sufficient to focus on the operations actor rather than the author actor.

Again, note that RFC 733 (on up through RFC 5322) permit Sender: and
From: to be conflated. I'm suggesting making sure they are separated,
and then adjusting the DMARC focus -- and especially discussion -- from
author to operator. (Well, not so much adjusting the focus as correcting
the error of thinking that it's the author that matters.)

> As you have mentioned many times in the past, the burden is on the
> person making the assertion. You have not provided a compelling case
> that Sender: would be a more useful value to validate on than From:.
> We have substantial enough experience on the value of the use of From:
> and the only experience with Sender: (SenderID) was in essence a failure.

We know that the use of From: causes some serious problems. Using
Sender: would eliminate them.

I'm not clear why that seems an insufficient justification. (Unless
there is a demonstration that using Sender: rather than From: alters
DMARC's observable -- rather than supposed -- efficacy.)

>> Again: end-user recipient decision-making is irrelevant to meaningful
>> email abuse handling.
>
> While this may in fact be true now, it may be a function of the
> presentation of the information to the end user rather than the
> content of the information itself.

I think I don't understand what that means.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc