On 11/29/2017 11:35 AM, Brian Kantor wrote:
As I see it, the problem isn't with DKIM,
I don't think DKIM is (the source of) /the/ problem per say. Rather I think it's a complication of other things (DMARC) that interact with DKIM.
it's with the implementation of DMARC and other such filters. Almost all of them TEST THE WRONG FROM ADDRESS. They compare the Author's address (the header From: line) instead of the Sender's address, (the SMTP Mail From: transaction or Sender: header line).
I believe it's more than just the implementation. The DMARC specification specifically calls out the RFC 5322 From: header. Further, RFC 7489, Appendix A, § 3 speaks directly to this.
If the filter checked the Sender address of mail instead of the Author address, mailing lists wouldn't be broken!
Perhaps. However I fear we would be facing an entirely new type of spam that used spoofed From: headers and perfectly legitimate Sender: headers (that also match the RFC 5321 SMTP FROM address.) See RFC 7489 § A.3.1 -- Grant. . . . unix || die