On Mon 08/Aug/2022 00:40:47 +0200 John Levine wrote:
> On Sun, 7 Aug 2022, Alessandro Vesely wrote:
>
>> Actually, small receivers can simply trust selected, DMARC-aligned mailing lists and restore the original From: in the cases where MLM saved it (w/o ARC). This kind of hack could be set up really quick.
>
> Please please can we stop doing this. Trying to unmunge rewritten From: headers is totally out of scope for this group, and even if it weren't it does not scale


Symptomatic treatment is out of scope?

Why doesn't it scale?


> and has terrible security problems. (If good guys can put in real rewrites, bad guys can put in fake rewrites, and if a recipient can tell whose rewrites are good enough to unmunge, it can equally well ignore whatever problem the rewrite was supposed to fix.)

Isn't that exactly the same problem that ARC poses?



Best
Ale

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
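
The receiver-side decision discussed in this thread, as an added example that is not part of the message or any participant's code: From: is restored only when the receiver's own verifier recorded a DMARC pass for an allowlisted list domain, so a rewrite from an unknown or unauthenticated source is left alone. The header name `X-Original-From`, the allowlist, the authserv-id and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_LISTS = {"lists.example.org"}    # constructed allowlist of list domains
MY_AUTHSERV_ID = "mx.receiver.example"   # constructed: id our own verifier stamps
SAVED_FROM_HEADER = "X-Original-From"    # assumption: where the MLM saved the author

def dmarc_pass_domain(msg):
    """Domain for which our own verifier recorded dmarc=pass, else None.
    Assumes the border MTA strips inbound headers bearing our authserv-id."""
    for ar in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in ar.split(";")]
        authserv = parts[0].split()
        if not authserv or authserv[0].lower() != MY_AUTHSERV_ID:
            continue  # stamped by someone else: not evidence
        for result in parts[1:]:
            tokens = result.lower().split()
            if tokens[:1] == ["dmarc=pass"]:
                for tok in tokens[1:]:
                    if tok.startswith("header.from="):
                        return tok.split("=", 1)[1]
    return None

def effective_author(msg):
    """Return (address, restored): author to show and whether From: was unmunged."""
    munged = parseaddr(msg.get("From", ""))[1].lower()
    saved = msg.get(SAVED_FROM_HEADER)
    passed = dmarc_pass_domain(msg)
    aligned = passed is not None and passed == munged.rpartition("@")[2]
    if saved and aligned and passed in TRUSTED_LISTS:
        return parseaddr(saved)[1].lower(), True
    return munged, False  # unknown or unauthenticated rewriter: leave From: alone

def build(from_addr, auth_results, saved=None):
    """Assemble a constructed sample message."""
    headers = [f"From: {from_addr}", f"Authentication-Results: {auth_results}"]
    if saved:
        headers.append(f"{SAVED_FROM_HEADER}: {saved}")
    return message_from_string("\n".join(headers) + "\n\nbody\n")

if __name__ == "__main__":
    ok = "mx.receiver.example; dmarc=pass header.from=lists.example.org"
    print(effective_author(build("Alice via L <l@lists.example.org>", ok,
                                 "alice@author.example")))
```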