On 7/21/2020 11:51 AM, Dave Crocker wrote:

Also then consider that the existing MLM behavior has existed and been
useful for roughly 45 years.

The problem, here, is DMARC's imposing a change in email semantics.

Dave, there are different ways of looking at this. I've worked with and developed MLM/MLS for as many years, and there are "mail engineering ethics" here to consider.

The first is Mail Tampering, which is part of the 1986 US ECPA guidelines. Mail Tampering was an exception, not a rule, with the MLM/MLS, to allow for body changes. This was not a normal expectation except to allow a very basic overhead level with headers/footers. Absolutely no tampering with the context, the "gist" of the copyrighted messages, is ever expected. It was never expected for the Author field to be changed unless you had a digest or something like it where clearly the mail was not coming from you. In general, it would have been a US ECPA violation. It was not something you often saw done, if ever. The Newspaper Publisher industry is the only industry where the legal concept of "Print To Fit" was acceptable for 100+ years. But if an MLM/MLS is considered a publisher, would it be exempt? Even then, the From is not changed in your letter to the editor.

Second, DMARC is imposing a new security protocol based on the premise that the "From" is not expected to be changed. How will the MLM/MLS fit?

It can:

1) Support the security protocol, and the problem is solved. Exclusive domains made a published policy statement for exclusive signing. The Exclusive Domains do not expect their users to be using their domains outside the workplace. The policy is honored.

2) Be unintentionally ignorant of the security protocol and do nothing. This is your true legacy system.

3) Be intentionally ignorant of the security protocol while continuing to re-sign mail. This is not a legacy system if it has adapted to re-sign mail and chosen to neglect and ignore the security protocol.

4) Same as #3, but also rewrite the From field.

#1 and #4 will resolve the problem. The proper protocol engineering fit is with #1. While #4 resolves the issue, it is perpetuating an undesirable design that can have serious mail engineering consequences simply by watering down the value of persistent 5322.From. The #2 and #3 MLM/MLS will remain as problems until they change or the user is made aware he can't use his exclusive domain on a public forum.


--
Hector Santos,
https://secure.santronics.com
https://twitter.com/hectorsantos


_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc