On Apr 18, 2023, at 1:11 PM, Alessandro Vesely <ves...@tana.it> wrote:
> 
> Perhaps when DMARC works smoothly, someone will find out how to tell 
> legitimate rewriting from plain spoof.
> 

Look up the DMARC record and begin to piggyback off this lookup:

- Check for rewrite=1 tag indicating allowance to rewrite. 

- Check for asl= or atps=y signer authorization.

If the domain tells the resigner he can destroy the authorship, you now have a 
legitimate, protocol-negotiated handshake/contract. I would prefer it if there 
were an explicit authorization using asl= or atps=y, but an open-ended rewrite=1 
tag is fine, I think. It is permission the domain is giving to resigners.

—
HLS

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
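
The check described in the message above, as an added example that is not part of the original post or of any DMARC specification. The tag names rewrite=, asl= and atps= are the ones the message proposes; the asl= value syntax (a comma-separated domain list), the function names and the sample records are assumptions made for illustration.

```python
# Added example. Assumption: asl= carries a comma-separated list of signer domains.

def parse_dmarc_tags(record: str) -> dict:
    """Split a DMARC TXT record into a {tag: value} dict (tag names lowercased)."""
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue  # empty trailing segment or malformed piece
        name, _, value = part.partition("=")
        tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def rewrite_permission(record: str, resigner_domain: str) -> str:
    """Classify what the author domain's record says about this resigner.

    "explicit": resigner is listed in asl= (assumed syntax)
    "atps":     atps=y is set; the ATPS lookup (RFC 6541) is still required
    "open":     open-ended rewrite=1, no particular resigner named
    "none":     the domain gave no permission; treat a rewrite as unauthorized
    """
    tags = parse_dmarc_tags(record)
    resigner = resigner_domain.rstrip(".").lower()
    signers = {d.strip().rstrip(".").lower()
               for d in tags.get("asl", "").split(",") if d.strip()}
    if resigner in signers:
        return "explicit"
    if tags.get("atps", "").lower() == "y":
        return "atps"
    if tags.get("rewrite") == "1":
        return "open"
    return "none"


# Constructed sample records (example.* domains, not real policies).
SAMPLES = {
    "listed": "v=DMARC1; p=reject; asl=lists.example.net,fwd.example.org",
    "atps":   "v=DMARC1; p=reject; atps=y",
    "open":   "v=DMARC1; p=quarantine; rewrite=1;",
    "silent": "v=DMARC1; p=reject",
}

if __name__ == "__main__":
    for label, rec in SAMPLES.items():
        print(label, rewrite_permission(rec, "lists.example.net"))
```

A receiver would apply stricter handling as the result moves from "explicit" toward "none", since only the first names the resigner.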
