Re: [dmarc-ietf] Sender vs From Addresses

John Levine <johnl@taugh.com> Wed, 24 March 2021 20:21 UTC

Date: 24 Mar 2021 16:20:58 -0400
Message-Id: <20210324202058.91E777134D1B@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dmarc@ietf.org
Cc: gelliot@mimecast.com
In-Reply-To: <F1E2D8D7-9978-4C4B-9FD7-AB6428D12789@contoso.com>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/fVqE5liNjj1ItxJJh1nl-cymU7Q>
Subject: Re: [dmarc-ietf] Sender vs From Addresses

It appears that Gren Elliot <gelliot@mimecast.com> said:
>For better or worse, there is long established practice in the Calendaring community when implementing iMIP (rfc6047) when an
>assistant is working on behalf of a manager for the manager’s email address to populate the “From:” header and the
>assistant’s email address to populate the “Sender:” header.  Mailing software seems to go to lengths to follow this
>convention even when it doesn’t do so for other email messages “sent on behalf of”.  I assume this means that things will
>break somewhere if this convention isn’t followed for at least some people’s calendaring software.
>
>So, it looks like at the moment people will need to make a choice between enforcing DMARC and having calendaring software continue
>to function.

DMARC only looks at the domain part of the From header.  How often do the manager and assistant have e-mail addresses that
are not in the same domain?

>Surely it is possible to offer different levels of DMARC enforcement where there is a level that forces using the “From:”
>header and a newer level which follows the existing email standards for validating who the author is – i.e. use “Sender:” if
>present, else use “From:”?

I talk to people at large mail providers a lot, and I do not recall
this particular situation coming up as a problem, ever.  Do you have concrete
experience to the contrary?

The problem with keying DMARC to the sender is that if you believe that people look at the From
header, it turns DMARC into filtering based on the reputation of the DKIM or SPF identity.  Mail
providers already knew how to do that before DMARC existed.  Noting what Dave said, I'm not sure
how closely people look at the From header, but I do know that other than desktop Outlook, MUAs do not show
the sender at all.  Gmail and web Outlook don't.

R's,
John
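
The alignment question discussed in this message, as an added example that is not part of the original post or of any DMARC implementation: a relaxed-alignment check keyed on the From header, with a hypothetical `key_header="Sender"` switch modelling the "Sender if present, else From" proposal. The `.example` domains, the two-entry suffix set standing in for the Public Suffix List, and all function names are assumptions; the DKIM and SPF domains passed in are taken to have already verified.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for the Public Suffix List (assumption).
PUBLIC_SUFFIXES = {"example", "com"}

def org_domain(domain):
    """Organizational domain: longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def header_domain(msg, name):
    """Domain of the first address in header `name`, or None if unusable."""
    addr = parseaddr(msg.get(name, ""))[1]
    if "@" not in addr:
        return None
    return addr.rpartition("@")[2].lower() or None

def dmarc_pass(msg, dkim_domains, spf_domain, key_header="From"):
    """Relaxed alignment of verified DKIM d= / SPF domains with one header.

    key_header="From" is what DMARC evaluates; "Sender" is the hypothetical
    variant from the thread, falling back to From when Sender is absent.
    """
    author = header_domain(msg, key_header) or header_domain(msg, "From")
    if author is None:
        return False
    verified = list(dkim_domains) + ([spf_domain] if spf_domain else [])
    return any(org_domain(author) == org_domain(d) for d in verified)

# Constructed iMIP-style message: assistant and manager share a domain.
SAME_DOMAIN = message_from_string(
    "From: Manager <manager@corp.example>\n"
    "Sender: Assistant <assistant@corp.example>\n"
    "Subject: Invitation\n\nbody\n")

# Constructed message: the Sender and the signing domain differ from From.
CROSS_DOMAIN = message_from_string(
    "From: Manager <manager@corp.example>\n"
    "Sender: Assistant <assistant@agency.example>\n"
    "Subject: Invitation\n\nbody\n")

if __name__ == "__main__":
    print(dmarc_pass(SAME_DOMAIN, ["mail.corp.example"], None))
    print(dmarc_pass(CROSS_DOMAIN, ["agency.example"], "agency.example"))
    print(dmarc_pass(CROSS_DOMAIN, ["agency.example"], "agency.example",
                     key_header="Sender"))
```

In the same-domain case the Sender header makes no difference to the result; in the cross-domain case the Sender-keyed variant passes while the From domain shown to the recipient is left unauthenticated.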