ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: (DMARC) Why mailing lists are only sort of special

2014-04-17 08:27:25
from [Yoav Nir] [Permanent Link] 

On Apr 17, 2014, at 4:11 PM, Martin Rex <mrex(_at_)sap(_dot_)com> wrote:


Yoav Nir wrote:


On Apr 17, 2014, at 9:35 AM, Dave Cridland <dave(_at_)cridland(_dot_)net> 
wrote:


Right now, my MUA treats this as a message
"From John R Levine <johnl(_at_)taugh(_dot_)com>". This means that any 
policy
on the message origination comes from looking solely at the taugh.com
domain. We'll pretend it has a DMARC policy. Herein lies the
Yahoo/DMARC issue, because unless your policy essentially stipulates
that the IETF is allowed to spoof you, we're stuck.


Then perhaps this is what needs to change. John R Levine did not send
you a message. He sent a message to the list. It is the list software
that sent you a message. So perhaps the From field should have been
?From: IETF Mailing list on behalf of John R Levine 
<ietf(_at_)ietf(_dot_)org>?.


But that is EXACTLY what the IETF mailing list exploder *IS* doing
exactly as it has been specified for ages:

https://tools.ietf.org/html/rfc822#section-4.4.2
https://tools.ietf.org/html/rfc822#appendix-A.2

https://tools.ietf.org/html/rfc5322#section-3.6.2

           The "From:" field specifies the author(s) of the message,
  that is, the mailbox(es) of the person(s) or system(s) responsible
  for the writing of the message.  The "Sender:" field specifies the
  mailbox of the agent responsible for the actual transmission of the
  message. 

 From: Yoav Nir <ynir(_dot_)ietf(_at_)gmail(_dot_)com>
 Subject: Re: (DMARC) Why mailing lists are only sort of special
 Errors-To: ietf-bounces(_at_)ietf(_dot_)org
 Sender: ietf <ietf-bounces(_at_)ietf(_dot_)org>
 Date: Thu, 17 Apr 2014 13:50:30 +0300
 Message-ID: <B3467912-BDCA-4AE8-9939-60013DA99267(_at_)gmail(_dot_)com>
 To: Dave Cridland <dave(_at_)cridland(_dot_)net>
 CC: "ietf(_at_)ietf(_dot_)org" <ietf(_at_)ietf(_dot_)org>


Something as old as Outlook 2003 will properly display a message
that is received with a "Sender:" as "<Sender> on behalf of <From>”


A client as new as Mail.app on Mac OS X 10.9 does not. 

Obviously the Sender: field is not where the DMARC implementations use for 
checking policy.

Yoav
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: (DMARC) Why mailing lists are only sort of special, Martin Rex
Next by Date:  Re: (DMARC) Why mailing lists are only sort of special, Dave Cridland
Previous by Thread:  Re: (DMARC) Why mailing lists are only sort of special, Martin Rex
Next by Thread:  RE: (DMARC) Why mailing lists are only sort of special, MH Michael Hammer (5304)
Indexes:  [Date] [Thread] [Top] [All Lists]