Re: [dmarc-ietf] Not Multiple From: mailboxes, was I-D Action: draft-ietf-dmarc-dmarcbis-24.txt

Wed, 16 Nov 2022 08:19:50 -0800 

On Tue 15/Nov/2022 18:29:33 +0100 Douglas Foster wrote:

Your solution is straightforward, but I am not sold.
DMARC PASS means that the message is free of author impersonation.  This can only be true if all authors are verifiable and verified.
That's not the semantic of multi-author. I'm sending a message from my PC and I log in in order to access a submission server on port 587. However, the content I type is being suggested by other people around me, so that the outcome is actually a multi-author message. Now, since my MUA let's me customize the From: line, it is correct to add their names and addresses there.
In theory, I should put the most prominent author first, the supervisor last, and copy my mailbox in the Sender: field. For the sake of simplicity, let's assume that the most prominent author is the owner of the PC, which is usually correct. The first author is the one who logs in, and is responsible for what she types, including other authors mailboxes.
What do you dislike about PERMERROR?  My SPF algorithm continues evaluating on PERMERROR and returns both the error and the fallback result.   This is not standard but it is within my freedom of control.
PERMERROR is for bad software/ configuration. For example, non-existing selector, l= tag larger than body size, timestamp in the future, and the like. It is something that requires human intervention in order to be corrected. Multiple authors is a different case.
Similarly, an evaluator could apply a fallback DMARC solution after PERMERROR caused by a multi-From message, if they want.  But it is not our role to ensure acceptance of an identifier that cannot be verified.   Verification is established at the domain level.
Many domains don't guarantee that the local part is correct, let alone the display phrase. The first domain name is guaranteed and that's it. I don't see why we should prohibit to add further mailboxes. The most likely outcome is that one resorts to put other authors in Cc: and write:
*NOTICE*: Mrs X, Mr. Y and Dr. Z are co-authors of this message. They are in the Cc: field because of broken email rules. 


Best
Ale
--




_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

Reply via email to