On Sat 18/Jul/2020 19:24:10 +0200 Jim Fenton wrote:
On 7/18/20 1:45 AM, Alessandro Vesely wrote:
DMARC filtering is designed to operate at the (edge) MX, not MUA. If
applied consistently, it grants a well defined kind of protection.
That is just a building block, not a silver bullet. Our problem is
that DMARC filtering cannot be applied consistently, because of MLMs.
Lowering DMARC's contractual obligations is not a proper solution.
You lost me there. What do you mean by "DMARC's contractual obligations"?
One is filtering on From:
o Allow Domain Owners to assert the preferred handling of
authentication failures, for messages purporting to have
authorship within the domain.
https://tools.ietf.org/html/rfc7489#section-2.1
Here, authorship should be meant to be something rather akin to a formal
copyright holder, whereas the Author: field addresses moral attributions. In
that sense, authorization to rewrite From: is granted by BCP 78.[*]
OTOH, filtering on Sender: doesn't comply with the quoted purpose.
Best
Ale
--
[*] IANAL.
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
