On 3/24/2021 1:26 PM, Dave Crocker wrote:
On 3/24/2021 4:54 AM, Ken O'Driscoll wrote:
There is actually an existing working group draft discussing extending DMARC to incorporate the 5322.Sender header, see https://datatracker.ietf.org/doc/draft-ietf-dmarc-sender/. That document goes into considerable detail on how 5322.Sender could be incorporated in the future.


To be possibly overly frank, I think the draft is stalled. Given existing practice, there are challenges to fielding this, for incremental adoption, in a way that is reasonable and useful. (The Internet does not support 'flag' days.)

I am still, sometimes, mulling over the choices for this, but so far haven't come up with (or seen) ways to resolve the challenge.

An option the working group declined to pursue is to define an Author: field and leave the From: field to the 'handling' role DMARC has relegated it to. The draft for this is being pursued outside of the working group.



As I have always said with all our decision points, like this one -- if we are changing a well-used protocol, still in informational state and we are seeking a standard track, we need to provide more options. With all these rough decisions, they are ideal for making it optional. So if you want a particular operation to expose a public policy that says "Sender" is in some formal protocol language way, is more important than "From" then there is no reason why we can not define those protocol rules. But right now, DMARC is too limited. We must exploit and expand section 3.1.3 for advanced DMARC methods:

3.1.3.  Alignment and Extension Technologies

   If in the future DMARC is extended to include the use of other
   authentication mechanisms, the extensions will need to allow for
   domain identifier extraction so that alignment with the RFC5322.From
   domain can be verified.


This is what's holding us back --- trying to "correct" the current informational spec WITH words and no protocol improvements whatsoever.

So what is the rule for Sender? I'll support it if it makes sense. If sender is used, there SHOULD be some author policy tag indicating so.

-sender=1

means to follow your specs?

--
Hector Santos,
https://secure.santronics.com
https://twitter.com/hectorsantos



_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
