Harry Katz wrote:
With respect to the charter of this working group, in my opinion this
means we must focus our efforts at the From line of the message. That's
what the end user sees, so that must be our base case.
I would disagree. We should focus on what can provide the most benefit
for reasonable cost. As DNS-based authorization of From: breaks list
expansion and since list expansion is important and widespread, the
deployment of DNS-based authorization of From: will be significantly
limited. This limited deployment significantly reduces the overall benefit.
It may well be possible to address the list expansion issue or it may be
that the overall benefit is high enough despite limited deployment, but
that is not immediately evident.
2. If we can't validate the domain of the From header, then we must
inform the user that we validated something else.
Again, I would disagree. The end user benefit of validating the
Return-Path is that the user receives significantly fewer bounces from
messages they never sent in the first place. The end user receives this
benefit without needing to be informed that any sort of validation has
taken place.