Hi,

On 25/11/2020 13:57, Douglas E. Foster wrote:
> Indirect mail flows are difficult to detect. SMTP address rewrite is already common practice for forwarding.


Return address rewriting is a Good Thing™, unlike From: rewriting. I'd welcome forwarding my email, even if modified (I'm not a bank). At the same time, I'd stop spam pretending to be coming directly from my server. SPF -all yields such a possibility, except that it sometimes stops internal forwarding at uncoordinated ADMDs. My proposed dp=reject would ameliorate spf-all while still being more permissive than p=reject. A midway policy, which tackles the "mailing list problem" from the other side.


> More to the point, John's interest is finding ways to increase the trust level for forwarded mail, while your idea says that direct mail is more trusted than indirect mail, which is the problem he is trying to overcome.


Yes, they are two different problems.


> We need to be able to evaluate indirect mail based on both the submitter MTA and the originator MTA. ARC gets us started in that direction. I think more filtering data is needed and am working on a proposal to that effect.


Without resorting to ARC, it is still possible to validate the author domain's signatures directly if the MLM just adds a subject tag and a footer, like, for example, this list does. While ARC solves "deep" forwarding problems, which may arise in the context of email address portability, MLM transformation reversion solves the simpler mailing list problem, including reverting munged From:'s.


Best
Ale
--

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
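
The footer-and-tag reversion described in the message above, as an added example that is not part of the original post or of any list software: it strips a known footer and subject tag and accepts the result only if it matches the DKIM `bh=` body hash (relaxed canonicalization, SHA-256). The subject tag, the sample message and all function names are assumptions; checking the header signature itself needs the signer's public key and is not shown.

```python
import base64, hashlib, re

# Footer as this list appends it (CRLF line endings assumed).
FOOTER = (b"_______________________________________________\r\n"
          b"dmarc mailing list\r\ndmarc@ietf.org\r\n"
          b"https://www.ietf.org/mailman/listinfo/dmarc\r\n")
SUBJECT_TAG = "[list-tag] "          # hypothetical tag, not taken from the page

# Constructed sample message, as the author's server would have signed it.
ORIG_SUBJECT = "Indirect mail flows"
ORIG_BODY = b"Hi,\r\n\r\nReturn address rewriting is fine.  \r\n\r\nBest\r\nAle\r\n"

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":      # drop trailing empty lines
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Value a signer would place in the bh= tag (sha256)."""
    digest = hashlib.sha256(relaxed_body(body)).digest()
    return base64.b64encode(digest).decode()

def mlm_transform(subject: str, body: bytes):
    """The two changes the list makes: tag the subject, append a footer."""
    return SUBJECT_TAG + subject, body + FOOTER

def revert(subject: str, body: bytes, signed_bh: str):
    """Undo the known changes; return (subject, body) only if the
    restored body matches the signed bh=, otherwise None."""
    if not body.endswith(FOOTER):
        return None                        # not this list's transformation
    candidate = body[:-len(FOOTER)]
    if body_hash(candidate) != signed_bh:
        return None                        # body changed in some other way
    # The tag may follow a "Re: " prefix, so remove its first occurrence.
    return subject.replace(SUBJECT_TAG, "", 1), candidate

if __name__ == "__main__":
    bh = body_hash(ORIG_BODY)
    subj, body = mlm_transform(ORIG_SUBJECT, ORIG_BODY)
    print("bh matches after list processing:", body_hash(body) == bh)
    print("reverted:", revert(subj, body, bh))
```

A `None` result means the list (or another hop) changed more than the tag and footer, for example by re-encoding MIME parts, and the original signature cannot be recovered this way.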
