Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

[Alessandro Vesely <vesely@tana.it>]

On Tue 02/Jun/2020 19:00:55 +0200 Dave Crocker wrote:
> On 6/2/2020 9:44 AM, Jesse Thompson wrote:
>> I'm relaying these DMARC questions/concerns on behalf of an email admin at
>> another university.  [...]
>>
>> "
>> I don't see on the list of issues the most fundamental problem of DMARC,
>> namely that it conflicts with RFC 5322 on the use of the From and Sender
>> header fields [1] and possibly with RFC 6326 as to the significance of DKIM
>> fail [2].  The former is the more serious problem. Making DMARC alignment
>> part of a standard for Internet messages requires a revision of RFC 5322. I'd
>> love to see this resolved.
> 
> [...]
> 
> DMARC enforcement requires that the DKIM/SPF domain be the same as the author
> From:.  That is, the folk doing email operations have to be able to sign the
> DMARC aligned domain.
> 
> Hence the From: field is now really the Sender: field.  The From: field fixup
> hacks that are needed by intermediaries, to avoid DMARC-based rejections, makes
> this fact painfully clear, even as they serve to undermine recipient use of the
> From field for author-related message management.
> 
> [...]
> 
> The only suggestion I've been able to formulate is:  create a new field, such
> as Author:.


+1, that's the proper way to fix the issue Jesse relayed.

Re-senders who rewrite From: should copy its value to Author: unless such field
is already present.

MUAs should be discouraged from displaying or using Author:, unless
(verifiably) signed by a trusted domain or otherwise configured by the user.


> (Give it a simple, clean, appropriate name, rather than something like
> Original-From.)


Yes, and let's note that the issue is so fundamental that solving it also
solves the long-standing problem of how to standardiz mailing lists behavior
with DMARC.


Best
Ale
--