On 9/12/2014 8:35 AM, MH Michael Hammer (5304) wrote:
From: ietf [mailto:ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Christian
Huitema
...
The big change with DMARC is a deprecation of the Sender/From
differentiation, effectively requiring that these two will be the same. It
seems that big systems have voted that the differentiation causes more
harm (spam, phish) than good (remailers).
This is actually not quite true. If the Sender and the From are in the same
domain then there is no problem. It becomes an issue when the Sender and the
From are different domains. DMARC does not care about the LHS of the email
address (whether it is DKIM signing or SPF validation).
In semantic terms, Christian's analysis is exactly correct.
The fact that there might be some scenarios where things are not
operationally problematic is a distraction, rather than meaningful to
the analysis.
By definition, p=reject enforces a semantic that requires the owner of
the rfc5322.From domain to have a relatively tight relationship with the
operator sending the message.
IMO, it's quite reasonable to characterize this as conflating From: and
Sender:.
What tends to be missed, throughout all of the discussions about dealing
with the effect on intermediaries such as mailing lists, is that most or
all of the mechanisms being discussed for intermediaries will work
equally well for bad actors...
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net