On 7/19/20 1:33 PM, dcroc...@gmail.com wrote:
> The essential point that needs to be made is that standards like this MUST
> NOT be cast in terms of what end users will do. In practical terms, this
> work has nothing to do with end users. Really. Nothing.
>
> To the extent that anyone wants to make an affirmative claim that end-users
> /are/ relevant to this work, they need to lay that case out clearly,
> carefully, and with material that provides objective support.(*)

I'll take a shot (admittedly, I'm having trouble keeping up with all of the points that have been made):

We're migrating 30,000 lists, of various types/use cases, from an MLM provider that is DMARC-ignorant to one that munges the From. It rewrites the friendly-From in addition to the From address (this touches on Laura's point that even though some/most MUAs hide the domain, recipients still *see* something different).

We have a DMARC policy published for our 500ish domains, and an increasing number of the domains of our external list members are publishing DMARC. DMARC enforcement (outside of our control) is also increasing - which motivates us to accelerate our transition to the DMARC-friendly MLM platform (one that rewrites the From).

** We have had many complaints from users about the From munging **

I could try to quantify, if that's the only way to prove the point that end-users matter and are relevant to this conversation.

It calls into question whether we (or any domain) should publish DMARC policies. Gmail.com doesn't publish a DMARC policy, after all, and many people (such as some on this list) are using gmail.com to subscribe to lists, and they don't have to suffer the consequences of DMARC. Why should the rest of end-users suffer? (some might say)

Granted, we are a university. Maybe these are just faculty being hyper-sensitive to how their messages are appearing to their peers/students. But isn't that enough evidence that end-users *are* relevant?

With time, maybe we can change these end-user expectations, and From rewriting will be the new reality that people will accept.

The To-rewrite strategy seems interesting, in a "From-rewriting is here to stay" assumed world, to force MUA behavior and to help mitigate the auto-collecting address problem. I think that draft-kucherawy-dkim-transform-02 is getting at what I was originally thinking.
In my opinion, MLMs will *always* need to munge, because they will never know if an arbitrary receiver will trust their non-munged mail. Giving the receivers a way to un-munge (if they can and/or want and/or trust) would be a productive path forward out of this situation.

I think that we just have to agree that From-munging by MLMs is a permanent reality. It needs to be documented more prominently (and promoted as part of the DMARC marketing) so that implementations are more consistent, so that un-munging tactics and/or MUA behavior can be consistently implemented.

Jesse