Re: Incoming SMTP in the year 2017 and absence of DKIM
As I see it, the problem isn't with DKIM, it's with the implementation of DMARC and other such filters. Almost all of them TEST THE WRONG FROM ADDRESS. They compare the Author's address (the header From: line) instead of the Sender's address, (the SMTP Mail From: transaction or Sender: header line). For personal mail, these are almost always the same, but for properly-functioning mailing lists, the Author address is the email address of the person submitting the posting to the mailing list, and the Sender address is the error-return ("bounce") address of the mailing list. If the filter checked the Sender address of mail instead of the Author address, mailing lists wouldn't be broken!
- Brian

On Wed, Nov 29, 2017 at 10:12:05AM -0800, Michael Thomas wrote:
> I've been saying for years that it should be possible to create the concept of DKIM-friendly mailing lists. In such a case, you could have your nines. Until then, the best you can hope for is the list re-signing the mail and blaming the list owner instead.
>
> Mike
On 11/29/2017 11:35 AM, Brian Kantor wrote:
> As I see it, the problem isn't with DKIM,

I don't think DKIM is (the source of) /the/ problem per se. Rather I think it's a complication of other things (DMARC) that interact with DKIM.

> it's with the implementation of DMARC and other such filters. Almost all of them TEST THE WRONG FROM ADDRESS. They compare the Author's address (the header From: line) instead of the Sender's address, (the SMTP Mail From: transaction or Sender: header line).

I believe it's more than just the implementation. The DMARC specification specifically calls out the RFC 5322 From: header. Further, RFC 7489, Appendix A, § 3 speaks directly to this.

> If the filter checked the Sender address of mail instead of the Author address, mailing lists wouldn't be broken!

Perhaps. However I fear we would be facing an entirely new type of spam that used spoofed From: headers and perfectly legitimate Sender: headers (that also match the RFC 5321 SMTP FROM address.) See RFC 7489 § A.3.1

--
Grant. . . .
unix || die
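The two checks being argued over, side by side, as an added example that is not part of any poster's message: it evaluates the RFC 7489 comparison against the header From: domain and the envelope-sender comparison proposed in the thread on three constructed messages. The function names, the sample messages, and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
# Added illustration; all message data below is constructed.
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: last two labels. Real DMARC uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def addr_domain(value):
    # Domain part of an address such as 'Alice <alice@example.org>'.
    return parseaddr(value)[1].rpartition("@")[2].lower()

def aligned(a, b, strict=False):
    # Strict alignment needs identical domains; relaxed compares org domains.
    return a.lower() == b.lower() if strict else org_domain(a) == org_domain(b)

def authenticated_domains(msg):
    # Identifiers the receiver was able to authenticate for this message.
    found = []
    if msg["spf_pass"]:
        found.append(addr_domain(msg["mail_from"]))  # RFC 5321 MAIL FROM
    return found + list(msg["dkim_pass_domains"])    # d= of valid signatures

def dmarc_from_check(msg):
    # RFC 7489: an authenticated identifier must align with RFC 5322 From:.
    author = addr_domain(msg["from"])
    return any(aligned(author, d) for d in authenticated_domains(msg))

def sender_based_check(msg):
    # Hypothetical alternative from the thread: align with the envelope sender.
    sender = addr_domain(msg["mail_from"])
    return any(aligned(sender, d) for d in authenticated_domains(msg))

MESSAGES = {
    # Personal mail: author and sender are the same address.
    "direct": {"from": "Alice <alice@example.org>",
               "mail_from": "alice@example.org",
               "spf_pass": True, "dkim_pass_domains": ["example.org"]},
    # List post: the list's bounce address is the sender, and the author's
    # DKIM signature no longer verifies after the list modified the message.
    "list": {"from": "Alice <alice@example.org>",
             "mail_from": "list-bounces@lists.example.net",
             "spf_pass": True, "dkim_pass_domains": []},
    # Unrelated domain in From:, fully authenticated envelope of its own.
    "spoof": {"from": "Support <support@bank.example>",
              "mail_from": "bounce@mailer.example.com",
              "spf_pass": True, "dkim_pass_domains": ["mailer.example.com"]},
}

def evaluate():
    # name -> (passes From:-based check, passes sender-based check)
    return {n: (dmarc_from_check(m), sender_based_check(m))
            for n, m in MESSAGES.items()}
```

`evaluate()` shows the list post failing only the From:-based check, while the sender-based check accepts the list post and the mismatched-From: message alike.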
In article <20171129183535.GB18534@UCSD.Edu> you write:
> As I see it, the problem isn't with DKIM, it's with the implementation of DMARC and other such filters. Almost all of them TEST THE WRONG FROM ADDRESS. They compare the Author's address (the header From: line) instead of the Sender's address,

Sigh. I have my differences with the people who designed DMARC but they are not stupid and they really do understand the relevant RFCs. Some of them even wrote some of those RFCs.

The reason they look at the From: line is that's the one recipients see. The Sender: header was a nice idea but in practice, it's not useful.

R's,
John
Not old enough to have had an Executive Secretary processing your incoming snail-mail before it gets to you?

The "envelope" in which a letter arrived is just as important as the letter itself and contains valuable information that is duplicated in e-mail -- the postmark (received headers), the return address (mail from); and, the delivery address (mail to). It was an offense to discard the envelope in which correspondence arrived since it is used to determine the validity of the snail mail.

Current e-mail clients are comparable to having a secretary that throws out the envelope and snips off most of the inside addressing information and delivers only the heavily redacted letter so that no determination of its validity is possible.

---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of John Levine
Sent: Wednesday, 29 November, 2017 14:28
To: nanog@nanog.org
Subject: Re: Incoming SMTP in the year 2017 and absence of DKIM

In article <20171129183535.GB18534@UCSD.Edu> you write:
> As I see it, the problem isn't with DKIM, it's with the implementation of DMARC and other such filters. Almost all of them TEST THE WRONG FROM ADDRESS. They compare the Author's address (the header From: line) instead of the Sender's address,

Sigh. I have my differences with the people who designed DMARC but they are not stupid and they really do understand the relevant RFCs. Some of them even wrote some of those RFCs.

The reason they look at the From: line is that's the one recipients see. The Sender: header was a nice idea but in practice, it's not useful.

R's,
John
In article <11e9c18dac053c4bb91b95a4993c116f@mail.dessus.com> you write:
> Not old enough to have had an Executive Secretary processing your incoming snail-mail before it gets to you?

Probably about the same age as you, but I hope that after 50 years of e-mail we have figured out that the parallels with paper mail are imperfect. The e-mail envelope is a metaphor, you know.

R's,
John
participants (4)
- Brian Kantor
- Grant Taylor
- John Levine
- Keith Medcalf