Re: dmarc damage, was gmail users read on... [bozo subtopic]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



It seems to me that the wrapped original mail could be signed by the
forwarding list processor so that the DMARC recipient would accept the
forwarded mail as coming from the forwarder and the ultimate MUA would
be able to verify that the wrapped messaged was indeed wrapped by the
forwarding list processor and transparently unwrap the original
email.

Since some list mail is re-forwarded along the path to the ultimate MUA,
this mechanism should support multiple layers of signed wrapping.

Dave Morris


On Sat, 13 Sep 2014, Sabahattin Gucukoglu wrote:

> On 12 Sep 2014, at 18:27, Dave Crocker <dhc@xxxxxxxxxxxx> wrote:
> > By definition, p=reject enforces a semantic that requires the owner of
> > the rfc5322.From domain to have a relatively tight relationship with the
> > operator sending the message.
> >
> > IMO, it's quite reasonable to characterize this as conflating From: and
> > Sender:.
> >
> > What tends to be missed, throughout all of the discussions about dealing
> > with the effect on intermediaries such as mailing lists, is that most or
> > all of the mechanisms being discussed for intermediaries will work
> > equally well for bad actors...
>
> Indeed.
>
> I wonder if it might not simply make more sense to warn users that the
> information in the header fields cannot be trusted once they have been
> remailed by an exploder of any kind.  This way, transparent MUA
> unwrapping of encapsulated list mail is a much more plausible solution
>
> Cheers,
> Sabahattin
>





[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]