ietf

Re: dmarc damage, was gmail users read on... [bozo subtopic]

2014-09-12 08:28:10
On Fri, Sep 12, 2014 at 05:34:06AM +0000, Christian Huitema wrote:

> The big change with DMARC is a deprecation of the Sender/From
> differentiation, effectively requiring that these two will be the
> same. It seems that big systems have voted that the differentiation
> causes more harm (spam, phish) than good (remailers).
>
> Of the responses listed, the one that clearly works is to ask
> forwarders to forward messages, what the wiki calls "message
> wrapping." It works in the sense that the mail system sees
> consistent headers that pass all verifications, and represent the
> actual action of the remailer while not relying on Sender/From
> differences.
>
> At that point, the issue is mostly with the UI. If my reader did
> recognize the "simple forwarding" case from "authorized remailers,"
> then the message wrapping solution would be just fine. The good
> thing is that it is very much under my control.

But unfortunately, once the UI recognizes this case, would we not be
imposing harm vis-a-vis phishing in particular?  And then DMARC Mark
II (as it were) would have to prohibit the wrapping and require a wrap
of a wrap, etc.

There's no way of winning this.  But if we are going to go down this
path, it would be useful to discuss what the UI would look like that
meets the needs of mailing lists, but without potential harm of
phishing.

                                                         -Ted
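
The "message wrapping" response discussed in this message, as an added example that is not part of the original post: a forwarder attaches the post as message/rfc822 under its own From, and a reader-side helper lists the outer From domain next to the From domains found inside the wrapper, including the wrap-of-a-wrap case. All addresses and function names are constructed for illustration, and no DMARC evaluation is performed; the point is that only the outer From is what the receiving mail system checks, while any inner From a UI chose to display is not covered by those checks.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed sample post; the author domain stands in for one with a strict DMARC policy.
ORIGINAL = (b"From: Alice <alice@author.example>\r\n"
            b"To: list@lists.example\r\n"
            b"Subject: hello\r\n"
            b"\r\n"
            b"Original body.\r\n")

def wrap(original_bytes, forwarder_addr, recipient):
    """Forward a message as a message/rfc822 attachment of a new message."""
    inner = message_from_bytes(original_bytes, policy=policy.default)
    outer = EmailMessage()
    outer["From"] = forwarder_addr   # header From is now in the forwarder's own domain
    outer["To"] = recipient
    outer["Subject"] = "Fwd: " + inner["Subject"]
    outer.set_content("Forwarded message attached.")
    outer.add_attachment(inner)      # a Message object becomes a message/rfc822 part
    return outer.as_bytes()

def domain(header_value):
    """Lower-cased domain of the address in a From header value."""
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()

def describe(raw):
    """Return (outer From domain, [From domains of wrapped messages, outermost first])."""
    msg = message_from_bytes(raw, policy=policy.default)
    inner_domains = []
    for part in msg.walk():          # walk() also descends into nested wrappers
        if part.get_content_type() == "message/rfc822":
            inner_domains.append(domain(part.get_content()["From"]))
    return domain(msg["From"]), inner_domains

if __name__ == "__main__":
    once = wrap(ORIGINAL, "list@lists.example", "bob@reader.example")
    twice = wrap(once, "relay@second.example", "carol@reader.example")
    print(describe(once))
    print(describe(twice))
```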
