On 5/13/2018 7:50 AM, Alessandro Vesely wrote:
Just a couple of notes:
On Fri 11/May/2018 14:00:15 +0200 Alexey Melnikov wrote:
Below are some technical details on how the email address rewriting workaround is going to work:
Emails from domains that don't have a p=reject DMARC setting are not going to be affected in any way.
For emails from p=reject domains:
Some put p=reject; pct=0; for the sole purpose of having From: rewritten. The
principle of least surprise would suggest to apply rewriting uniformly.
At the very least, we should allow the declaring DMARC domain to
dictate/publish his intent specifically using a new tag in the domain
record, such as 'rewrite=allowed|1' or something directly specific to
this technical protocol intent.
I don't think pct=0 was it. It was not documented for such a
technical protocol intent so we shouldn't be inventing new meanings of
the existing tags. If we are going to change code, then leverage the
opportunity and use a new specific tag.
I don't prefer rewriting at all. Once we "normalized" the 5322.From
rewriting, the long time DKIM issues may be finally done with, i.e.
ARC is less meaningful but in fact, DKIM itself becomes more
meaningless, if not already. The 5322.From is the only required hash
binding header for DKIM. Any transformations, including a rewrite
with a "X-Original-From" addition, should be reversible and verifiable.
We make email more complex by justifying 5322.From rewriting.
Thanks
--
HLS
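
The rule discussed in this thread (only p=reject domains are affected, with pct=0 and a possible new tag as rewriting signals), sketched as an added example that is not part of the original messages or of any list software. The sample records are constructed, `rewrite` is the hypothetical tag floated above and not a registered DMARC tag, and treating `allowed` or `1` as an opt-in is an assumption.

```python
# Added example. SAMPLE records are constructed for illustration.
# "rewrite" is the hypothetical tag floated in the message, not a registered
# DMARC tag; treating "allowed" or "1" as opt-in is an assumption.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC1 record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None                   # the version tag must come first
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:                       # skip fragments without "="
            tags.setdefault(name.strip(), value.strip())
    return tags


def list_action(txt):
    """Classify what a list applying the p=reject-only rule does with From:."""
    tags = parse_dmarc(txt) if txt else None
    if tags is None or tags.get("p", "").lower() != "reject":
        return "unaffected"
    if tags.get("rewrite", "").lower() in ("allowed", "1"):
        return "rewrite: explicit opt-in"
    try:
        pct = int(tags.get("pct", "100"))   # pct defaults to 100 when absent
    except ValueError:
        pct = 100                     # unparsable pct: fall back to the default
    if pct == 0:
        return "rewrite: p=reject with pct=0"
    return "rewrite: p=reject"


SAMPLE = {
    "none.example": "v=DMARC1; p=none; rua=mailto:agg@none.example",
    "strict.example": "v=DMARC1; p=reject",
    "pct0.example": "v=DMARC1; p=reject; pct=0;",
    "optin.example": "v=DMARC1; p=reject; rewrite=allowed",
    "nodmarc.example": "",
}

if __name__ == "__main__":
    for domain, record in SAMPLE.items():
        print(f"{domain:16} {list_action(record)}")
```

Separating the three "rewrite" outcomes shows where the signals differ: pct=0 is inferred from an existing tag, while the opt-in case reads an intent the domain published explicitly.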