--On Friday, May 11, 2018 15:31 -0500 Spencer Dawkins at IETF
<spencerdawkins.ietf@xxxxxxxxx> wrote:

>...
>> (2) If someone receives a message whose envelope MAIL FROM and
>> header "From:" fields show
>> "alexey=40example.com@xxxxxxxxxxxxxx"
>> and replies to it offlist without recognizing the convention
>> or de-converting the address, I assume that dmarc.ietf.org
>> will recognize its own convention, rewrite the message
>> headers, and send it off to alexey@xxxxxxxxxxx. If it does
>> not do that rewrite, then the message (or the copy addressed
>> to him) bounces or gets lost, which is not necessarily a bad
>> thing. If it does do the rewrite, it works even if the
>> convention is changed to "alexey☺example.com@xxxxxxxxxxxxxx"
>> as long as dmarc.ietf.org keeps track of all of the
>> conventions it has used. It does raise a privacy concern
>> that might or might not be important -- if I pick up Alexey's
>> address (that one) for use in a private reply, having the
>> message pass through IETF mail servers leaves traces (and
>> possibly the message in clear-text form and that might not be
>> desirable.
>...
> (2) is closest to what I was curious about - whether if we are
> running =40 as the convention, and decide that =80 would be
> twice as good (just kidding, I mean "any other value besides
> =40"), and implement the new convention, if something good
> would happen someone who replies to an e-mail that was
> processed using the original convention.
> So I was stumbling toward asking if we planned to remember old
> conventions if we adopted a new one, and it sounds like if we
> did remember old conventions, most of the
> reply-to-old-convention e-mail would end up in the right
> place, most of the time.
>
> Your explanation was helpful. And thanks for clues, as always.

Glad to help.

Incidentally, while my mini-analysis had not gotten that far,
Victor is probably correct. If mail can actually be sent to
"alexey=40example.com@xxxxxxxxxxxxxx" with the expectation of
delivery to "alexey@xxxxxxxxxxx" we would need to either have a
very complex filtering or validation system or we would
basically have created an open relay (btw, another issue with
the use of "%").

For that reason, it might actually be better to either refuse to
accept incoming mail with dmarc.ietf.org as a nominal
destination or to bounce all such mail with a message similar to

   550 No such mailbox; this was a cheap hack to prevent
       DMARC problems with mailing list postings

And just move on. I'm confident that those who worry about
blowback and similar bad behavior would prefer the former.

If that were the approach, it really wouldn't make any
difference what conventions were used or how often they were
changed as long as a competent human could manually decode them.

best,
   john
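
The open-relay concern raised in the message above, as an added Python example that is not part of the thread or of any IETF mail system: it decodes a rewritten recipient under every remembered convention and compares three RCPT policies. The `=80` marker, the policy names and the `KNOWN_REWRITTEN` allow-list are assumptions for illustration.

```python
from typing import Optional, Tuple

REWRITE_DOMAIN = "dmarc.ietf.org"  # rewrite domain named in the thread
# Every marker the rewriter has used, newest first. "=40" is the thread's
# convention; "=80" is its hypothetical replacement (assumption).
CONVENTIONS = ["=80", "=40"]
# Assumed allow-list: original addresses this server itself rewrote.
KNOWN_REWRITTEN = {"alexey@example.com"}
REJECT = (550, "No such mailbox")


def decode(rcpt: str) -> Optional[str]:
    """Recover the original address from a rewritten one, else None."""
    local, sep, domain = rcpt.rpartition("@")
    if not sep or domain.lower() != REWRITE_DOMAIN:
        return None
    for marker in CONVENTIONS:
        if local.count(marker) != 1:  # absent or ambiguous: try next
            continue
        user, host = local.split(marker)
        if user and host and "@" not in local:
            return f"{user}@{host.lower()}"
    return None


def rcpt_decision(rcpt: str, policy: str) -> Tuple[int, str]:
    """SMTP reply for a RCPT TO at the rewrite domain under one policy."""
    target = decode(rcpt)
    if policy == "reject" or target is None:
        return REJECT
    if policy == "forward_any":
        # Relays to whatever address the sender encoded: an open relay.
        return (250, f"relay to {target}")
    if policy == "forward_known":
        # Relays only to addresses the list server produced itself.
        return (250, f"relay to {target}") if target in KNOWN_REWRITTEN else REJECT
    raise ValueError(f"unknown policy: {policy}")


if __name__ == "__main__":
    # Constructed recipients: one the server rewrote, one chosen by a sender.
    for rcpt in ("alexey=40example.com@dmarc.ietf.org",
                 "someone=40other.example@dmarc.ietf.org"):
        for policy in ("forward_any", "forward_known", "reject"):
            print(policy, rcpt, rcpt_decision(rcpt, policy))
```

Under `reject` the list of conventions no longer matters to the server, which is the point made in the message's last paragraph.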