On Mon, 6 Jul 2020, Dave Crocker wrote:
I don't understand this scenario at all. Why would I want to show my user a message forwarded by a spammer? If the original sender wanted me to see it, she could have sent it to me directly, or through a legit mailing list.

Perhaps, like some others, I'm not understanding this correctly, but I think the proposal has nothing at all to do with what the recipient sees. Rather, I've understood this as an attempt to reverse additions made by a Mediator, with the goal of validating the origination DKIM signature. Presumably that is so as to use the origination domain's reputation and even permit DMARC to validate.
But why would I want to do that? ARC lets a credible mediator say this message was OK before I munged it. This proposal lets a sleazy mediator say the same thing, with advice on how to verify mechanically.
A sleazy mediator takes a message from Paypal and wraps a big blob of HTML spam around it that will display on top of the original message. I get the spammy message, look at the signatures and find yup, there's a real Paypal message inside the spam. What should I do with it? It's unlikely the Paypal message was intended for me.
Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. https://jl.ly