On 7/23/2020 6:07 AM, Joseph Brennan wrote:
I think that we just have to agree that From-munging by MLMs is a permanent
reality. It needs to be documented more prominently (and promoted as part of
the DMARC marketing) so that implementations are more consistent, so that
un-munging tactics and/or MUA behavior can be consistently implemented.
I'd be happier for the proposed standard to say that DMARC policy
"SHOULD NOT" be compromised by rewriting From lines-- and see how that
goes over. My reasoning is that blessing the practice makes it easier
for bad actors to craft spoofed mail and get it accepted. The opposite
of the purpose of DMARC, isn't it?
Technical specifications are not policy advisories or expressions of
opinion. They define behavior to be used by actors that are trying to
follow the specification. A specification defines a sandbox. Normative
statements apply to actors that have chosen to be inside the sandbox.
So, normative language in specifications is meaningful only when it will
be followed. Giving directives to actors not participating in the topic
of the specification is wasteful and likely misleading.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net