ietf
[Top] [All Lists]

Re: [IETF] DMARC methods in mailman

2016-12-26 08:49:35
On Sun, Dec 25, 2016 at 01:05:59PM -0500, Viktor Dukhovni wrote:

The need for email origin authentication to specify that "Sender" preempts
"From" has been well understood for a long time before there there was DMARC.
If there is to be a non-broken replacement, it must correct this design error
and place the "burden" of dealing with that on any MUAs that fail to display
Sender (as e.g. from <sender> on behalf of <author>).

But if MUA's do this, then it becomes trivial to phish consumers,
which was the original excuse for DMARC.  So if MUA's do this,
eventually Yahoo and the other big mail providers will promulgate a
non-standard "fix" that will bounce message with Sender lines that
aren't equal to the From field.   And then what will you do?

Hint: stop using mail providers that obey non-standard mail protocols,
because they *will* break you eventually, and/or randomly.

                                        - Ted