Dave Cridland <dave@xxxxxxxxxxxx> wrote:
> Right now, my MUA treats this as a message "From John R Levine <johnl@xxxxxxxxx
>> ". This means that any policy on the message origination comes from looking
> solely at the taugh.com domain. We'll pretend it has a DMARC policy. Herein
> lies the Yahoo/DMARC issue, because unless your policy essentially stipulates
> that the IETF is allowed to spoof you, we're stuck.
If, when sending to ietf@xxxxxxxx, taugh.com knew that it was a mailing list,
then it could include, in the message, a signed delegation saying that it was
okay for *this message* for ietf.org to impersonate him.
This is a simple application of cryptographic methods. Keynote and SPKI
(and I think SASL) define ways to do this.
--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>, Sandelman Software Works
-= IPv6 IoT consulting =-
Attachment:
pgpJGR567MbeH.pgp
Description: PGP signature