On 7/21/2020 10:58 AM, Dotzero wrote:


On Tue, Jul 21, 2020 at 11:52 AM Dave Crocker <d...@dcrocker.net <mailto:d...@dcrocker.net>> wrote:

    The mail is not spoofed.  Consider the definition of the word. Then
    consider that the MLM is authorized by the user with the address in the
    original From field.

This is an interesting statement and raises a question.. Does a user have the authority to authorize (some) use of a domain in a manner contravening the express statement (p=reject) of the domain owner/administrator? I'm going to have to say no.

The user is authorized to use that address. The problem here is not 'spoofing' but rather an internal personnel problem, with the user not adhering to the policies of the organization that authorized the user.

For this case, DMARC externalizes that internal personnel problem.

But it does not fit the definition of "spoofing".



    Also then consider that the existing MLM behavior has existed and been
    useful for roughly 45 years.

Slavery existed for a long time (still does in some places) and was useful (for some) for a long time. Things change and evolve.

    The problem, here, is DMARC's imposing a change in email semantics.


If that is the problem, why did you participate in the original DMARC effort? The issue was clear even back then.


The original DMARC effort was, in fact, to detect actual cases of spoofing, namely unauthorized use of a domain name by outside actors.

Different problem.

d/


--
Dave Crocker
Brandenburg InternetWorking
bbiw.net

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

Reply via email to