On Thu 07/Oct/2021 11:56:19 +0200 Laura Atkins wrote:
On 7 Oct 2021, at 10:37, Alessandro Vesely <ves...@tana.it> wrote:
On Thu 07/Oct/2021 09:48:12 +0200 Laura Atkins wrote:
On 7 Oct 2021, at 01:08, Scott Kitterman <skl...@kitterman.com> wrote:
On October 6, 2021 11:37:26 PM UTC, John Levine <jo...@taugh.com> wrote:
It appears that Alessandro Vesely <ves...@tana.it> said:
Doug's [...] can finally be a much needed attempt at formalizing the old, known
From: rewriting.
formalizing a bad idea doesn't make it any less bad an idea.
Agreed.
Agreed. The other day I was trying to refer work to a colleague I’ve only
really interacted with on a professional mailing list. Due to header re-writing
and no email address in any other place in the email, I didn’t actually have a
direct email address for her.
What do we want to do, then?
I don’t know, honestly. Convince people to actually sign their emails and put
.sig files in? There are multiple lists I’m on that has people who post and I
have no idea who it is because they neither sign their messages nor include a
.sig file and the list sets the reply-to: as back to the list. Implement a
‘original author / submittor’ header for mailing lists?
There's Dave's Author: RFC 9057. It assumes From: rewriting, but doesn't
specify it. It complains that using Reply-To: distorts its meaning, in case
the MLM wanted to set it to the list itself, so adds the new field.
RFC 9057 came out as independent submission. I'd support adopting Doug's I/D,
but all this stuff, specifications of DMARC improvements to support indirect
mail flows, is part of phase II of the charter, which is considered complete.
It might be easier to update mailing list software to include a new header than
trying to change every SMTP server out there.
Sure! Maybe it is because the IETF is so slow in reacting. Maybe the IETF is
so slow because there are no beautiful solutions. The result is that we are
confined to techniques which can be applied unilaterally.
Let's exclude, for the sake of reality, both dropping DMARC altogether and
stopping to use mailing lists. What realistic possibilities are there?
If I had a realistic solution I’d have proposed it years ago. But just because
I don’t have a solution doesn’t mean that any other solution is better than
nothing. Sometimes proposed solutions compound the problem, not fix it.
ARC, when 60% of receivers will have (reliably) implemented it? This is not
more realistic than the Vernon's kook I cited upstream.
After careful consideration, header re-writing doesn't have to imply no email
address in any other place. Savvy lists save the original From: in Reply-To:
or Cc:. If some lists don't do that, perhaps specifying how to re-write From:
can improve that condition, no? When everything is done well, it is possible
to unmunge From: and fully recover pre-DMARC functionality while still enjoying
DMARC checks.
The avalanche has started, it’s too late for the pebbles to vote.
Do you see other possibilities?
There are fewer legitimate intermediaries (although there is the inevitable
long tail of older installations) than there are legitimate SMTP services.
Fixing the mailing list problem by adding a new header to identify the original
posters email address may be a better solution than codifying the horrible hack
that is From munging / rewriting.
Uh?!? What's the new field worth for if we don't codify the horrible hack?
My unmunging filter looks at each candidate field, Reply-To:, Cc:,
Original-From:, and Author:, and compares the display names with that of From:.
An unvarying way of rewriting would make that easier.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
