On Wed 21/Jul/2021 20:05:41 +0200 Matthäus Wander wrote:
Alessandro Vesely wrote on 2021-07-21 19:41:
Some lists operate the evasion hack, a.k.a. From: munging, only if the sender has p=quarantine or p=reject, some do it unconditionally, some only if the mail is outbound, some only if the receiver is mail.ru. Behavior doesn't seem to be settled yet.

We should add a section on From: munging in the spec.

It's explained as mitigation in RFC7960:
<https://datatracker.ietf.org/doc/html/rfc7960#section-4.1.3.1>

What seems to be missing is a recommendation to not change DMARC validation behavior subject to p= or other conditions. A conditional validation makes p=none less useful for monitoring of potential delivery problems.


I agree that it's easier to deal with From: munging when it's done uniformly on all messages. However, I'm not sure whether to actually RECOMMEND to do so.

How about something more or less like the following?

    *Mailing Lists*

    Mailing lists are characterized by changing the bounce address
    (RFC5321.MailFrom) on forwarding, see SMTP ([RFC5321]).  Described in
    Internet Mail Architecture ([RFC5598]) as a kind of Mediator, several
    mailing lists make additional changes that break most original DKIM
    signatures.  Before DMARC, this wasn't a problem.  As DMARC becomes more
    widely supported and generic mailbox providers publish strict DMARC
    policies, mitigation as described in Interoperability Issues between DMARC
    and Indirect Email Flows ([RFC7960]) becomes necessary.

    We RECOMMEND that mailing list managers (MLMs) change the From: address
    (RFC5322.From) in order to become the owner of the main DMARC identifier.
    For example, if the incoming message has:

        From: Original Author <u...@example.com>

    then the forwarded message SHOULD change it, for example like so:

        From: Original Author via list-tag <whate...@list.example.org>

    See [RFC7960] for a full explanation of whys and hows.

    For uniform behavior, MLMs are better off applying the same mitigation
    technique irrespective of the current content of any DMARC records.
    However, some MLMs are known to decide whether to apply that change or
    not based on the existence of an author's domain DMARC record and the
    value of the "p" tag therein.  In any case, MLMs MUST NOT consider the
    value of the "pct" tag in order to make such a decision.


Best
Ale
--

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
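
The following Python example is added here for illustration; it is not part of the thread and not taken from any mailing list software. It applies the From: rewrite shown in the proposed text and contrasts uniform rewriting with rewriting conditional on the "p" tag, never reading "pct". The function names, the addresses, the Reply-To handling and passing the DMARC record as a string instead of looking it up in DNS are all assumptions.

```python
from email.message import EmailMessage
from email.utils import formataddr, parseaddr

def parse_dmarc(record):
    """Split a DMARC TXT record into a {tag: value} dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def should_munge(record, uniform=True):
    """uniform=True: rewrite every message, whatever the record says.
    uniform=False: rewrite only for p=quarantine or p=reject.
    Neither mode ever reads the pct tag."""
    if uniform:
        return True
    policy = parse_dmarc(record or "").get("p", "none")
    return policy in ("quarantine", "reject")

def munge_from(msg, list_tag, list_addr):
    """Rewrite From: so the list's domain becomes the DMARC identifier."""
    name, addr = parseaddr(str(msg["From"]))
    display = f"{name or addr.split('@')[0]} via {list_tag}"
    # Assumption (not from the thread): keep the author reachable.
    if "Reply-To" not in msg:
        msg["Reply-To"] = formataddr((name, addr))
    del msg["From"]
    msg["From"] = formataddr((display, list_addr))
    return msg

def forward(author_from, dmarc_record, uniform=True):
    """Build a constructed message and apply the list's policy to it."""
    msg = EmailMessage()
    msg["From"] = author_from
    msg["Subject"] = "constructed sample"
    if should_munge(dmarc_record, uniform):
        munge_from(msg, "list-tag", "list@list.example.org")
    return msg

if __name__ == "__main__":
    author = "Original Author <author@example.com>"  # constructed
    for rec in ("v=DMARC1; p=none", "v=DMARC1; p=reject; pct=10", None):
        for uniform in (True, False):
            print(rec, uniform, "->", forward(author, rec, uniform)["From"])
```

With `uniform=False`, a message from a p=none domain leaves the list with its original From:, so the author's domain sees no effect of the list in its DMARC reports until it moves to a stricter policy.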
