Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC)

Douglas Otis <doug.mtview@gmail.com> Thu, 19 March 2015 18:41 UTC

> On Mar 18, 2015, at 4:38 PM, Terry Zink <tzink@exchange.microsoft.com> wrote:
> 
>> Based upon the almost complete lack of interest of
>> bulk email providers at promoting a solution, it seems the path
>> forward is to define a new non-aligned header field able to retain the 
>> author role information, otherwise the From is likely overwritten as 
>> the only practical means of ensuring message acceptance in the face of 
>> provider DMARC (ab)use.
> 
> If bulk email providers have shown no interest in promoting a solution, why
> do we think they'd latch onto this new non-aligned header field as a solution?
> 
> -- Terry

Dear Terry,

Thank you for your comment.  This WG seems indicative of most bulk senders
who often ask "How is DMARC's disruption of legitimate messaging a problem 
for me?" They are clearly not interested in preserving the social and civic 
benefits derived from open exchanges enabled by email affected by the DMARC 
(ab)use occurring against millions of users.

This is further evidenced by the current DMARC scheme that offers no strategy 
for preserving the role of Author for messages handled by various third-parties.  
Those operating a mailing-list are being forced to either reject a large 
percentage of their users, or replace the From header with what was likely to 
have been the Sender header field.  The identity of the Author becomes 
undefined and might be moved to the Reply-to or perhaps x-original-from header 
fields.

Unless DMARC defines a fallback policy which allows alignment with that of 
the Sender header field, the role of Author is placed at risk.  In such 
cases, defining a special "Non-Aligned From" header field could help better 
define where this role might be found in a message without it being
automatically displayed.  This header field might even offer provisions for
the tagging often found in the Subject header field.

Perhaps call this new header field "Author".  Since few MUAs are likely to 
display this header, only those that make extensive use of email that depends
on third-party services are likely to ensure it being displayed.  An
approach that would not require cooperation from Bulk senders, while still
allowing forums a means to track a history of who said what. 

Regards,
Douglas Otis

> -----Original Message-----
> From: dmarc [mailto:dmarc-bounces@ietf.org] On Behalf Of Douglas Otis
> Sent: Wednesday, March 18, 2015 3:41 PM
> To: Murray S. Kucherawy
> Cc: dmarc@ietf.org
> Subject: Re: [dmarc-ietf] Next steps for RFC 7489 (DMARC)
> 
> Dear DMARC WG,
> 
> Now that RFC7489 has been published, there remain several 
> unresolved problems this WG is chartered to resolve, primarily--
> 1. Addressing the issues with indirect mail flows
> 
> These are reviewed by
> https://tools.ietf.org/html/draft-dmarc-interoperability-00
> 
> https://tools.ietf.org/html/draft-otis-dmarc-author-align-01
> was written to highlight possible solutions.
> 
> John Levine's recommendation that mailing-list operators take on 
> the costly burden of having their participants change their providers 
> is not practical.  Based upon the almost complete lack of interest of
> bulk email providers at promoting a solution, it seems the path
> forward is to define a new non-aligned header field able to retain the 
> author role information, otherwise the From is likely overwritten as 
> the only practical means of ensuring message acceptance in the face of 
> provider DMARC (ab)use.
> 
> By defining a new header field, this should reduce disparity in where to 
> find the author role than that caused by current ad hoc solutions.  Such 
> a definition would also better avoid downgrading 'reject' into 
> 'quarantine'.
> 
> Any thoughts?
> 
> Regards,
> Douglas Otis
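
The From rewriting and the proposed non-aligned header field discussed in this message, as an added example that is not part of the original post or of any DMARC specification. The "Author" field is the hypothetical header suggested above, all addresses and domains are constructed, and the two-label organizational-domain rule is a simplifying assumption.

```python
from email.message import EmailMessage
from email.utils import formataddr, parseaddr

def org_domain(domain):
    # Assumption: last two labels stand in for the organizational domain;
    # a real DMARC verifier derives it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def from_aligned(msg, authenticated_domain):
    """Relaxed alignment: From domain vs. a domain that passed DKIM or SPF."""
    _, addr = parseaddr(str(msg["From"]))
    return org_domain(addr.rpartition("@")[2]) == org_domain(authenticated_domain)

def list_rewrite(msg, list_addr, tag):
    """Replace From with the list address; keep the author in 'Author'."""
    name, addr = parseaddr(str(msg["From"]))
    out = EmailMessage()
    out["From"] = formataddr((f"{name or addr} via {tag}", list_addr))
    out["Author"] = str(msg["From"])      # hypothetical non-aligned field
    out["Reply-To"] = str(msg["From"])    # one of today's ad hoc locations
    out["Subject"] = f"[{tag}] {msg['Subject']}"
    out.set_content(msg.get_content())
    return out

def author_of(msg):
    """Where a list-aware reader would look for the author role."""
    for field in ("Author", "X-Original-From", "Reply-To", "From"):
        if msg[field]:
            return parseaddr(str(msg[field]))[1]
    return None

def sample_post():
    # Constructed message; all names and domains are placeholders.
    m = EmailMessage()
    m["From"] = "Alice Example <alice@mail.example.com>"
    m["Subject"] = "Next steps"
    m.set_content("Any thoughts?")
    return m

if __name__ == "__main__":
    post = sample_post()
    relayed = list_rewrite(post, "forum@lists.example.org", "forum")
    print(from_aligned(post, "lists.example.org"))     # list signature vs. author From
    print(from_aligned(relayed, "lists.example.org"))  # after From rewrite
    print(relayed["From"], "|", author_of(relayed))
```
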