Dave Crocker wrote in
 <[email protected]>:
 |On 7/23/2025 1:59 PM, Allen Robinson wrote:
 |> Is this a loss of flexibility? Yes. The proposal will not permit
 |> system A to direct bounces to system B, as a way to mitigate
 |> backscatter attacks.
 |
 |The design flow template that is being followed is:
 |
 |Here is a flexibility feature.
 |
 |Some people abuse it.
 |
 |Oh. So let's eliminate it.
 |
 |Rinse, repeat.
Now, this is an interesting discussion!

For ACDC -- btw, draft 07 is still not submitted; they do not Cc themselves when an idnits-passed submission of a registered user failed, which I find pretty funny ;) -- certain things have to be said.

First of all, this is not about backscatter bounces; SMTP does not know about 5322.anything, and so that not; i.e., ACDC does not introduce SMTP bypass mechanisms, at all, and I can only shake my head that no one discusses that. In my opinion it goes into the wrong direction to introduce such, as I said multiple times. (Having said that, I agree DKIM software should offer configuration options to ensure 5321.FROM==5322.SENDER; I will add that to my software in the future for sure. A shame I did not think of that myself.)

ACDC actually also introduces the requirement that a DKIM/ACDC signature with "sequence" (number) 1 and "O" flag set links to 5322.From. It is not BCP14 wording though. It does not talk "alignment" at all, since DMARC gets obsolete (over time) if DKIM ensures the conditions as such. Logically.

I consider it a deficit of even the unsubmitted draft 07 that we do not talk about 5322.Sender. I mean, today, it *must* be 5322.From in the weakened DMARC sense of "first address of 5322.From" (weakened because DMARC simply boils it down to [no-sender-]one-address-in-from, unless I am mistaken, overall). That is, to get back to a functional email system, the mitigations should include an approach to overcome that, so that, in a better future, the usual From/Sender (Author) scheme springs back into existence! How to do that the best way a discussion should reveal. It does not really matter for true DMARC processing I would think, since DMARC only applies to [no-sender-]one-address-in-from, does it.

It is all pretty borked. Is it. Like I said, the group should discuss mitigations, and how to revive email as it was meant, and as, for example, Robert Elz, as an elder, naturally sees it. I had posted a quote of him, in the past.
However, one thing is plain. We have here networks of power who try to get through their own approaches, however superficial their perspective on the email system as such is. There is no discussion except for picking on little details. It is a pity.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
|
|During summer's humble, here's David Leonard's grumble
|
|The black bear,                The black bear,
|blithely holds his own         holds himself at leisure
|beating it, up and down        tossing over his ups and downs with pleasure
|
|Farewell, dear collar bear

Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
