ietf

Re: What I've been wondering about the DMARC problem

2014-04-18 13:34:07
On 17 Apr 2014, at 21:53, Theodore Ts'o <tytso(_at_)mit(_dot_)edu> wrote:
Suppose we made the mailing list software take the contents of the
From field, and moved it to something like "X-Originally-From: ", and
changed the From field to be "ietf(_at_)ietf(_dot_)org".  That would be what
the DMARC people would want, right?

Probably.  I mean, the alternative is to upgrade DMARC so it recognises the 
Originally-From field as From when it is present, but that would actually 
require maintaining compatibility with decades-old software which didn't know 
that From was the arbiter of all truth. :)

Except then, a couple of years later, because users might actually
want to find the message that was written by "Brian Carpenter", or
"Sabahattin Gucukoglu", and not from "ietf(_at_)ietf(_dot_)org", MUA's might
start using the Originally-From field in the summary field, and start
emphasizing the "Originally-From" from field in the UI.  At which
point, the spammer/scammer/whatever could start forging the
"Originally-From" field, and then Lo!  There will be a DMARC II,
demanding that "Originally-From" field be aligned with the From field,
and we're right back to where we started.

It was the same argument about why a DKIM or DMARC couldn't just
verify the Sender field, and call it a day.  The problem is that the
From field is what people pay attention to.

Precisely.

Of course, if we're starting just now, there's something we could try 
differently: write it into Internet law that "NO MUA SHALL PROMOTE FOO TO THE 
DEFAULT HEADER DISPLAY", where "foo" is whatever we come up with.  Then MUA 
software, when presented with a known-good and known-aligned authentication 
results for From: could start displaying the green bar or whatever nonsense 
they come up with to signal that all is good, just so long as the part to the 
right of the @ is the domain the user thought the mail was really from.  
However the MUA could continue to provide conveniences such as address 
autocomplete, address book memorisation, search or reply that were all using 
our new foo.

And this is true of whatever solution we want to better support
mailing lists.  Suppose the answer is to rewrite the from field to
something like this:


From: ietf-resend+brian.e.carpenter=gmail(_dot_)com(_at_)ietf(_dot_)org

Or this:

From: ietf(_at_)ietf(_dot_)org (Originally from Brian E Carpenter: brian(_dot_)e(_dot_)carpenter(_at_)gmail(_dot_)com)

It doesn't matter.  Eventually, the UA's will start emphasizing and
parsing out the original From field information, because that's what
people will want to be automatically added to their address book, and
not ietf(_at_)ietf(_dot_)org, and that's what they will want to see in their
e-mail summary.  And then the DMARC folk will say, "Oh, Noes!
Spammers and scammers and bears, oh my!  They are using this loophole
to fool the naive user."  We must have DMARC II... and DMARC
III.... and DMARC IV.... and it will never end.

Indeed.  Of course, none of that helps the mailing lists of yesteryear, I mean 
today.  Right now, we're all screwed without one of these hacks. :(

Cheers,
Sabahattin
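
The From rewrite discussed in this thread, and the display problem it leads to, as an added example that is not part of the original message or of any list software. Assumptions: alignment is the strict form (From domain equals a DKIM d= value the caller supplies, with no signature verification or organizational-domain lookup), the sample messages are constructed, and `displayed_author` stands in for a hypothetical MUA.

```python
from email import message_from_string
from email.utils import parseaddr

LIST_ADDR = "ietf@ietf.org"        # list address used in the thread
ORIG_HDR = "X-Originally-From"     # header name proposed in the thread

# Constructed sample messages (not real traffic).
AUTHOR_MSG = "From: Author <author@example.com>\nSubject: hi\n\nbody\n"
FORGED_MSG = ("From: bulk@example.net\n"
              "X-Originally-From: Trusted Name <trusted@example.com>\n"
              "Subject: hi\n\nbody\n")

def from_domain(msg):
    """Domain of the From address, the identifier DMARC aligns against."""
    return parseaddr(msg["From"])[1].rpartition("@")[2].lower()

def aligned(msg, dkim_d):
    """Strict alignment (assumption): From domain equals the DKIM d= domain."""
    return from_domain(msg) == dkim_d.lower()

def list_rewrite(msg):
    """Move the author's From into ORIG_HDR and put the list address in From."""
    del msg[ORIG_HDR]              # discard any copy the sender supplied
    msg[ORIG_HDR] = msg["From"]
    del msg["From"]
    msg["From"] = LIST_ADDR
    return msg

def displayed_author(msg, promote):
    """Hypothetical MUA: promote=True shows ORIG_HDR in place of From."""
    if promote and msg[ORIG_HDR]:
        return msg[ORIG_HDR]
    return msg["From"]

if __name__ == "__main__":
    relayed = list_rewrite(message_from_string(AUTHOR_MSG))
    # The list's own signature now aligns with From ...
    print(aligned(relayed, "ietf.org"), displayed_author(relayed, False))
    # ... but a message sent directly, aligned for its own domain, controls
    # what a promoting MUA shows, because nothing authenticates ORIG_HDR.
    forged = message_from_string(FORGED_MSG)
    print(aligned(forged, "example.net"), displayed_author(forged, True))
```

The alignment result is identical for both messages; only the display choice differs, which is why the thread suggests keeping the new field out of the default header display while still using it for search, reply and address-book features.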