Re: not really to do with Re: WG Review: Domain-based Message Authentication, Reporting & Conformance (dmarc)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Tue, Jul 15, 2014 at 09:06:55AM +0100, t.p. wrote:

> > > MUAs should expose message origin when different from author.
> >
> > Viktor,
> >
> > A fine idea, but, as a pragmatic engineer, I know that changes to an MUA
> > will take five, may be ten, years to achieve widespread deployment,
> > whereas changes to MTA could happen in a matter of weeks, if needs must.

> We could have started 5 years ago.  Better late than never.  The
> problem being tackled has no instant gratification solutions.
> Pretending the problem is simpler than it is has a way of coming
> back to bite you.  I've always held that no amount of sender origin
> authentication will save the clueless from themselves, any real
> protection is at the gateway, and the gateway sees all the headers.

> In the mean-time "citibank.com.dukhovni.org" will look plausible
> enough to the helpless and will not be foiled by DMARC.

> The expedient approach has not worked, it should have been done right
> long ago, and should still be done right in the present.

You know, I'm finding it difficult to argue with this.

I've long been a supporter of using From/Sender semantics, but I've also bought
into the assumption that current client behavior made use of these semantics
problematic.

But current client behavior also includes, in many cases, showing personal name
information and not addresses. Which renders the entire from domain
authorization check approach moot.

This has led people to suggest that we need to do something about validating
personal name information in From: header fields. This, along with all the
various schemes that are being proposed to work around the myraid issues with
third party message handling, increasingly looks to me like a tottering edifice
built of hack piled on hack piled on hack.

I think that at a minimum any change we propose needs to be compared against
the alternative of using the semantics defined for email 30+ years ago.

				Ned





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]