On 17 April 2014 11:50, Yoav Nir <ynir.ietf@xxxxxxxxx> wrote:
Then perhaps this is what needs to change. John R Levine did not send you a message. He sent a message to the list. It is the list software that sent you a message. So perhaps the From field should have been “From: IETF Mailing list on behalf of John R Levine <ietf@xxxxxxxx>”. The Reply-To could be set to either John’s real address or the mailing list address, depending on what we think users mean when they click “Reply” - reply to John or reply to the list.
What you're changing there, as Martin Rex hints, is not the semantics of mailing lists, but the semantics of RFC 822 and successors. I could go along with this if RFC 5322 were demonstrably broken; but in practise, it's not.
John R Levine, in this instance, did indeed not send me the message - which is why the Sender header field doesn't have his name or email address present.
He did, however, write the message, which is why the From header field does.
If you want explicit handling, what we'd need to do is individually (and visibly) authenticate each transaction - this has knock-on effects in how we handle blind carbon-copies (in particular, we'd need to send them as a separate transaction). This has some nasty implications for unsuspecting MUAs; but some MUAs do this anyway for other related reasons. Also, I suspect this model would have serious implications for DMARC - that is, I don't think it fits the DMARC model closely enough to satisfy even "minimal" changes to the deployed base.
But what this would do, loosely, is have a verifiable chain of Levine->list; list->me. I would then look at the policies for Levine, and for the list, and somehow combine them to a decision.
Dave.