On Tuesday, July 15, 2014 00:15:49 Viktor Dukhovni wrote:
> On Mon, Jul 14, 2014 at 04:47:19PM -0400, Scott Kitterman wrote:
> > > > However, DMARC is problematic for mail that does not flow from
> > > > operators having a relationship with the domain owner, directly to
> > > > receivers operating the destination mailbox. Examples of such
> > > > "indirect" flows are mailing lists, publish-to-friend
> > > > functionality,
> > > > mailbox forwarding (".forward"), and third-party services that send
> > > > on behalf of clients. The working group will explore possible
> > > > updates
> > > > and extensions to the specifications in order to address
> > > > limitations
> > > > and/or add capabilities. It will also provide technical
> > > > implementation guidance and review possible enhancements elsewhere
> > > > in
> > > > the mail handling sequence that could improve could DMARC
> > > > compatibility.
>
> This is a solved problem, the "Rfc822.Sender" field should have
> from the outset trumped the "Rfc822.From" field when determining
> message origin, and the DMARC policy should be that of the "Sender"
> domain. Some MUAs already expose "Sender != From" by displaying
> "From <sender> on behalf of <author>". This needs to become standard
> MUA behaviour.
I am coming around to the point of view.
FWIW, the text is from the proposed charter, I didn't write any of it.
Scott K