On 7/27/2020 1:12 PM, Joseph Brennan wrote:
Avoiding it by redefining From: to serve the former purpose of Sender:
and creating a new Author: to serve the former purpose of From: seems
to me to start us down a long road of new header fields every couple
of years.
Oh? This is cast essentially as a fear. Your basis for believing this
is what?
As for the re-defining of From:, the premise of the Author: proposal is
that DMARC has already effected that change.
Verifying that the message really is from phisher.example is a useful
data point. The receiving system can choose to mark it with a warning
like "you never had mail before from phisher.example".
Mark it how and for what use? How does that deal with the user-level
problems caused by From:-field rewriting?
Consider a DMARC DNS tag for the bank to ask the receiving system to
verify the From, while the end-user system would not use that tag. I
think this is the distinction that should be made, for mailing lists
to work but sensitive data to be more protected than end-user mail.
I don't understand what you are suggesting or how it would work usefully.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
