On 6/24/2020 9:31 AM, Alessandro Vesely wrote:
On Tue 23/Jun/2020 20:49:11 +0200 Dave Crocker wrote:
So if Sender: wouldn't be as useful as From:, why not?
I'm a bit skeptic.
The assertion that "DMARC protects the domain name in the address part
of the From:" would have to be dropped.
Of course. But why is that a 'problem' rather than just a fact?
An obvious challenge in this type of discussion is to distinguish
surface issues from underlying issues. So for every observation like
this, about documentation language, we need to ask a version of "so
what?" That is, how does it affect actual DMARC efficacy?
The requirement that From:
domain be "the identifier used for all message validation operations,
as it is the single identifier in the message likely to be visible to
the user" was among the founding intuitions of DMARC. We used to
blame MUAs which don't display such datum... Don't we risk to loose
design consistency with that move?
Except that DMARC doesn't care about or use the MUA. Which is why I
keep claiming that referencing the MUA in DMARC discussions is a
distraction.
Sender: has a display name and an address, just like From:. Don't we
risk to double phishing opportunities?
If Sender: and From: domains disagree, are both going to get reports?
Why would there be a DMARC report on From:?
Would that become v=DMARC2, or shall believers of strict From: have no
chance? Modifying the protocol for such a minor issue as mailing
lists sounds a bit of an overkill.
I made a point of not trying to offer the specification details, yet,
because those choices need to flow from an agreement on the basic
conceptual change I'm suggesting.
(My personal view is that it won't be necessary to declare a version
change, but really let's wait on discussing the details, pending
agreement to consider use of Sender:.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc