On Tue, Jul 21, 2020 at 2:06 PM Dave Crocker <dcroc...@bbiw.net> wrote:

> On 7/21/2020 10:58 AM, Dotzero wrote:
> >
> >
> > On Tue, Jul 21, 2020 at 11:52 AM Dave Crocker <d...@dcrocker.net> wrote:
> >
> >     The mail is not spoofed.  Consider the definition of the word. Then
> >     consider that the MLM is authorized by the user with the address in the
> >     original From field.
> >
> > This is an interesting statement and raises a question. Does a user
> > have the authority to authorize (some) use of a domain in a manner
> > contravening the express statement (p=reject) of the domain
> > owner/administrator? I'm going to have to say no.
>
> The user is authorized to use that address.  The problem here is not
> 'spoofing' but rather an internal personnel problem, with the user not
> adhering to the policies of the organization that authorized the user.
>
> For this case, DMARC externalizes that internal personnel problem.
>
> But it does not fit the definition of "spoofing".
>

Please note that I did not use either the word "spoof" or "spoofing".  You
wrote "MLM is authorized by the user". Someone without authority cannot
authorize. In this case the user externalized the problem, not DMARC.


>
> >
> >     Also then consider that the existing MLM behavior has existed and been
> >     useful for roughly 45 years.
> >
> > Slavery existed for a long time (still does in some places) and was
> > useful (for some) for a long time. Things change and evolve.
> >
> >     The problem, here, is DMARC's imposing a change in email semantics.
> >
> >
> > If that is the problem, why did you participate in the original DMARC
> > effort? The issue was clear even back then.
>
>
> The original DMARC effort was, in fact, to detect actual cases of
> spoofing, namely unauthorized use of a domain name by outside actors.
>
> Different problem.
>

Actually, part of the effort was to enable Sending domains to identify
their own mail that was being sent without aligned DKIM signing or from
places not authorized through SPF - in other words, not properly authorized
but legitimate, hence feedback loops.

Michael Hammer
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
