Dave Cridland <dave(_at_)cridland(_dot_)net> wrote:
> Right now, my MUA treats this as a message "From John R Levine
<johnl(_at_)taugh(_dot_)com
>> ". This means that any policy on the message origination comes from
looking
> solely at the taugh.com domain. We'll pretend it has a DMARC policy.
Herein
> lies the Yahoo/DMARC issue, because unless your policy essentially
stipulates
> that the IETF is allowed to spoof you, we're stuck.
If, when sending to ietf(_at_)ietf(_dot_)org, taugh.com knew that it was a
mailing list,
then it could include, in the message, a signed delegation saying that it was
okay for *this message* for ietf.org to impersonate him.
This is a simple application of cryptographic methods. Keynote and SPKI
(and I think SASL) define ways to do this.
--
Michael Richardson <mcr+IETF(_at_)sandelman(_dot_)ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
pgpI8ZmBF85GH.pgp
Description: PGP signature