On 7/21/2020 10:58 AM, Dotzero wrote:
On Tue, Jul 21, 2020 at 11:52 AM Dave Crocker <d...@dcrocker.net
<mailto:d...@dcrocker.net>> wrote:
The mail is not spoofed. Consider the definition of the word. Then
consider that the MLM is authorized by the user with the address in the
original From field.
This is an interesting statement and raises a question.. Does a user
have the authority to authorize (some) use of a domain in a manner
contravening the express statement (p=reject) of the domain
owner/administrator? I'm going to have to say no.
The user is authorized to use that address. The problem here is not
'spoofing' but rather an internal personnel problem, with the user not
adhering to the policies of the organization that authorized the user.
For this case, DMARC externalizes that internal personnel problem.
But it does not fit the definition of "spoofing".
Also then consider that the existing MLM behavior has existed and been
useful for roughly 45 years.
Slavery existed for a long time (still does in some places) and was
useful (for some) for a long time. Things change and evolve.
The problem, here, is DMARC's imposing a change in email semantics.
If that is the problem, why did you participate in the original DMARC
effort? The issue was clear even back then.
The original DMARC effort was, in fact, to detect actual cases of
spoofing, namely unauthorized use of a domain name by outside actors.
Different problem.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc