On Thu, Jul 17, 2014 at 12:57 PM, Martin Rex <mrex@xxxxxxx> wrote:
Only the most clueless MUA programmers got this wrong in the first place.
Isn't that most of them?
>From a probability standpoint, now counting on those to (a) take the
blame and (b) get it right this time may be somewhat optimistic.
I rather agree there.
The main problem that I have is DMARC, is that the approach is
technically and morally wrong, and legally prohibited (=criminal)
in properly civilized countries.
Could you elaborate on why to the two "wrong" assertions?
A better approach would be for the final MTA to perform DMARC (DNS) lookups
and prepend the results as new, standardized header lines to the message,
and have the MUA process these new header lines and **suppress** displaying
of the "rfc5322-From:" for messages that are supposed to verify but don't.
The base draft supports the header lines suggestion. We're arguing in another thread about whether requiring specific MUA behavior in the face of a negative evaluation is a useful thing to pursue in an IETF document.
And DMARC reporting needs to be killed.
Could you elaborate on why? I only ask because some operators think the reporting is actually the more valuable thing DMARC has to offer, and you seem to have different information.
-MSK