On Tuesday, July 15, 2014 00:15:49 Viktor Dukhovni wrote:
On Mon, Jul 14, 2014 at 04:47:19PM -0400, Scott Kitterman wrote:
However, DMARC is problematic for mail that does not flow from
operators having a relationship with the domain owner, directly to
receivers operating the destination mailbox. Examples of such
"indirect" flows are mailing lists, publish-to-friend
functionality,
mailbox forwarding (".forward"), and third-party services that send
on behalf of clients. The working group will explore possible
updates
and extensions to the specifications in order to address
limitations
and/or add capabilities. It will also provide technical
implementation guidance and review possible enhancements elsewhere
in
the mail handling sequence that could improve could DMARC
compatibility.
This is a solved problem, the "Rfc822.Sender" field should have
from the outset trumped the "Rfc822.From" field when determining
message origin, and the DMARC policy should be that of the "Sender"
domain. Some MUAs already expose "Sender != From" by displaying
"From <sender> on behalf of <author>". This needs to become standard
MUA behaviour.
I am coming around to the point of view.
FWIW, the text is from the proposed charter, I didn't write any of it.
Scott K