Re: [dmarc-ietf] DMARC as Signal to MLMs for Rewrites (or not)

Sun, 20 Sep 2020 03:49:59 -0700 

On Fri 18/Sep/2020 15:17:53 +0200 Joseph Brennan wrote:

or don't use p=quarantine and p=reject    Keep it simple




Publishing an actionable policy is not just a question of simplicity.  It 
conditions the very semantics of DMARC.



OTOH, MLM transformations break signatures irrespective of From: rewriting. 
Perhaps, we should make it more clear whether the "MLM problem" consists of the 
inconvenience of having From: rewritten rather than the inability of verifying 
the original author domain signature.



At any rate, the two drafts referenced below propose methods to validate the 
original domain.  At that point, the original From: can safely be restored.



Considering that both methods have to rely on additional stuff passed in the 
message header, the two methods can be viewed as strikingly similar to each other.



Best
Ale




On Fri, Sep 18, 2020 at 5:47 AM Alessandro Vesely <ves...@tana.it> wrote:

On Thu 17/Sep/2020 21:11:42 +0200 Sabahattin Gucukoglu wrote:


Wouldn’t it be nice if you could ask for MLMs to transform, just using a
DMARC policy, even p=none, so that you could test with a live environment
containing MLMs that work around DMARC policy? Or you could ask for *no*
transform, even for p=quarantine or p=reject, so that your DMARC policy can
be used to legitimately restrict usage to directly-sent email?



It may be practical to place the asking in the message header, rather than
in the DMARC record.  That way, senders can specify their wish on a
per-message basis, presumably based on message recipients.  Note that a
request to transform can include information about how to reliably undo the
transformation, thereby verifying the original DKIM signature as described
in dkim-transform[*].  Possible strategies that senders might use could be
similar to those for putting weak signatures[†].


Best
Ale
--
[*] https://tools.ietf.org/html/draft-kucherawy-dkim-transform
[†]
https://tools.ietf.org/html/draft-levine-dkim-conditional-04#section-4.1
























_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc





_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc



_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc






















					Reply via email to