IETF Logo Mail Archive

Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields

Pete Resnick <resnick@episteme.net> Tue, 02 June 2020 19:32 UTC

Return-Path: <resnick@episteme.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D41C3A0F73 for <dmarc@ietfa.amsl.com>; Tue, 2 Jun 2020 12:32:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SFEboV5Ps_ol for <dmarc@ietfa.amsl.com>; Tue, 2 Jun 2020 12:32:12 -0700 (PDT)
Received: from episteme.net (episteme.net [216.169.5.102]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6F2F3A0F72 for <dmarc@ietf.org>; Tue, 2 Jun 2020 12:32:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by episteme.net (Postfix) with ESMTP id 057C9AF38861; Tue, 2 Jun 2020 14:32:09 -0500 (CDT)
Received: from episteme.net ([127.0.0.1]) by localhost (episteme.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KErlOaZ08GEF; Tue, 2 Jun 2020 14:32:06 -0500 (CDT)
Received: from [172.16.1.29] (episteme.net [216.169.5.102]) by episteme.net (Postfix) with ESMTPSA id 628C2AF38850; Tue, 2 Jun 2020 14:32:06 -0500 (CDT)
From: Pete Resnick <resnick@episteme.net>
To: Dave Crocker <dcrocker@gmail.com>
Cc: Brandon Long <blong@google.com>, dmarc@ietf.org
Date: Tue, 02 Jun 2020 14:32:05 -0500
X-Mailer: MailMate (1.13.1r5683)
Message-ID: <BFC81391-3601-412E-BE4E-58CC30609AA5@episteme.net>
In-Reply-To: <124145c8-c29c-142d-b4fe-2880a83dc417@gmail.com>
References: <DM5PR0601MB367115AD49513EAF3953716CF68B0@DM5PR0601MB3671.namprd06.prod.outlook.com> <18441e8d-cf87-053e-4957-7b9d6ea9690c@gmail.com> <CABa8R6s7Lh_nihfH4Y8=JFCDFL6T_iEd+dBf7C=iW+5S3K4i3A@mail.gmail.com> <1093905c-7556-ab65-ae9f-6c97d1707878@gmail.com> <46CF53B5-A7BD-4BF6-B8FA-AD83F7950B5D@episteme.net> <124145c8-c29c-142d-b4fe-2880a83dc417@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"; markup="markdown"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/vBV627YPNvq7jPq_WUD5Jde3SOs>
Subject: Re: [dmarc-ietf] DMARC alignment conflicts with RFC 5322 on the use of the From and Sender header fields
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Jun 2020 19:32:14 -0000

On 2 Jun 2020, at 13:29, Dave Crocker wrote:

> On 6/2/2020 11:12 AM, Pete Resnick wrote:
>> On 2 Jun 2020, at 13:01, Dave Crocker wrote:
>>
>>>> There's no reason that DMARC couldn't have included the sender or 
>>>> tried to have some kind of
>>>> PRA like spf v2... but that's not the goal.
>>>
>>>
>>> But the Sender: field is not reliably present and, of course, DMARC 
>>> needs an identifier that is reliably present.
>>
>> Dave, could you explain that? Coding-wise, there's surely no reason 
>> that an implementation can't say, "if 5322.sender is present then 
>> sender = 5322.sender else sender = 5322.from". So you could say that 
>> the identifier of sender is reliably present, since it's taken from 
>> 5322.from if 5322.sender isn't present. But maybe I'm missing 
>> something. Please explain.
>>
>
> Not sure what you are asking.  What I mean is that it isn't always 
> present.
>
> If Sender: contains the same address as From:, then Sender does not 
> have to be present, and often/usually isn't.

Well, that's the field, not its value.

> So when someone comes along and changes From: -- such as to hack 
> around the DMARC problem for intermediaries -- the semantic of the 
> Sender information is lost.

If you do change the From, you should always add a Sender. (Or is your 
point that implementer's don't, and that's the problem?)

What I'm missing is why the lack of an actual Sender: header field is 
problematic.

pr
-- 
Pete Resnick https://www.episteme.net/
All connections to the world are tenuous at best

v2.23.0 | Report a Bug | By Email