On 7/28/2020 7:20 AM, Alessandro Vesely wrote:
On Tue 28/Jul/2020 13:09:29 +0200 Dave Crocker wrote:
On 7/28/2020 4:00 AM, Alessandro Vesely wrote:
On Tue 28/Jul/2020 12:37:32 +0200 Dave Crocker wrote:
On 7/28/2020 12:26 AM, Alessandro Vesely wrote:
Receivers can evaluate the Author: domain just like they would do
if it were the From: domain.
So you want to define DMARC as applying to both the From: field and
the Author: field? That will defeat the benefit intended for the
Author: field.
Yes. In case of conflict, evaluation of Author: has to be omitted.
For example, Author: fields containing multiple mailboxes are not
considered.
1. I don't understand the details you have in mind that would make
this useful.
It is an optional evaluation. It's easy to do, if you already verified
DKIM and SPF. It is not terribly useful, admittedly, except that having
two or three "pass" makes for a stronger authentication than just the
From:. The chief reason for evaluating it is to give feedback to the MLM.
There is no specification for doing this. It means that there is no
basis for the creator of the Author field to expect such an
interpretation and no basis for a receiver to apply it an expect it to
be valid.
An interoperability standard require a shared definition of action and
meaning. The sharing is among the actors participating in that standard.
For one side to choose a behavior or an interpretation that is not
documented and shared by the other participants is to pretend that a
heuristic is more than that.
2. Again, this seems to defeat the purpose of having the Author field.
Why?
The field is intended to be free of the problematic treatment the From:
field is now getting. You appear to want to encumber it, so that it
experiences those same problems.
As a new field, Author: doesn't wear a reliable-id trophy, hence
receivers may refrain to apply policy dispositions. However, the
result of the evaluation, conveyed through aggregate report, can
tell MLMs if rewriting From: was necessary.
How, exactly?
Author: and Sender: domains can be included in aggregate reports
along with the From: one. The policy_evaluated can also include more
items, specifying which evaluations pass or fail.
Yes, one could modify DMARC to have its reporting include additional
information.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
