RE: dmarc damage, was gmail users read on... [bozo subtopic]

"MH Michael Hammer (5304)" <MHammer@ag.com> Fri, 12 September 2014 15:35 UTC

From: "MH Michael Hammer (5304)" <MHammer@ag.com>
To: Christian Huitema <huitema@microsoft.com>, Doug Barton <dougb@dougbarton.us>, "ietf@ietf.org" <ietf@ietf.org>
Subject: RE: dmarc damage, was gmail users read on... [bozo subtopic]
Date: Fri, 12 Sep 2014 15:35:19 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/IcE9TpO9HDKY-U-Ma2s86szigT0


> -----Original Message-----
> From: ietf [mailto:ietf-bounces@ietf.org] On Behalf Of Christian Huitema
> Sent: Friday, September 12, 2014 1:34 AM
> To: Doug Barton; ietf@ietf.org
> Subject: RE: dmarc damage, was gmail users read on... [bozo subtopic]
> 
> >>>> I've collected all of the DMARC workarounds I know on the ASRG wiki:
> >>>>
> >>>> http://wiki.asrg.sp.am/wiki/Mitigating_DMARC_damage_to_third_party_mail
> >
> > Two responses to that, in no particular order of importance:
> >
> > 1. So you said, and yet the mere existence of that page out on the
> > intertubez has (oddly enough) not yet spurred the secretariat into action.
> 
> The big change with DMARC is a deprecation of the Sender/From
> differentiation, effectively requiring that these two will be the same. It
> seems that big systems have voted that the differentiation causes more
> harm (spam, phish) than good (remailers).
> 

This is actually not quite true. If the Sender and the From are in the same domain then there is no problem. It becomes an issue when the Sender and the From are different domains. DMARC does not care about the LHS of the email address (whether it is DKIM signing or SPF validation).

> Of the responses listed, the one that clearly works is to ask forwarders to
> forward messages, what the wiki calls "message wrapping." It works in the
> sense that the mail system sees consistent headers that pass all verifications,
> and represent the actual action of the remailer while not relying on
> Sender/From differences.
> 
> At that point, the issue is mostly with the UI. If my reader did recognize the
> "simple forwarding" case from "authorized remailers," then the message
> wrapping solution would be just fine. The good thing is that it is very much
> under my control.
> 
> -- Christian Huitema
> 

Mike
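
Added example, not part of the original message: a sketch of the domain-only comparison described in the reply above (DMARC identifier alignment, relaxed and strict), showing why a list that re-sends mail under its own domain fails while a change of local part does not. The function names, the three-entry stand-in for the Public Suffix List and the example.com / example.org addresses are constructed assumptions, and the caller is assumed to pass only domains whose SPF or DKIM check already passed.

```python
from email.utils import parseaddr

# Assumption: tiny stand-in for the Public Suffix List, enough for the samples.
PUBLIC_SUFFIXES = {"com", "org", "co.uk"}

def domain_of(address):
    """Lowercased domain of an address; the local part (LHS) is discarded."""
    addr = parseaddr(address)[1]
    return addr.rpartition("@")[2].lower().rstrip(".")

def org_domain(domain):
    """Organizational domain: longest matching public suffix plus one label."""
    labels = domain.split(".")
    for i in range(len(labels)):  # i = 0 tries the longest suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return domain

def aligned(from_domain, auth_domain, strict=False):
    """Strict: exact domain match. Relaxed: same organizational domain."""
    if not from_domain or not auth_domain:
        return False
    if strict:
        return from_domain == auth_domain
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_pass(header_from, spf_domain=None, dkim_domains=(), strict=False):
    """True if any already-authenticated domain aligns with the From domain."""
    from_domain = domain_of(header_from)
    candidates = ([spf_domain] if spf_domain else []) + list(dkim_domains)
    return any(aligned(from_domain, d.lower(), strict) for d in candidates)

# Constructed samples: (description, From header, SPF domain, DKIM d= domains)
SAMPLES = [
    ("direct mail, subdomain bounce address",
     '"Alice" <alice@example.com>', "bounce.example.com", ["example.com"]),
    ("different local part, same domain",
     "bob@example.com", None, ["example.com"]),
    ("list re-sends under its own domain, author signature broken",
     "alice@example.com", "lists.example.org", ["example.org"]),
]

if __name__ == "__main__":
    for desc, frm, spf, dkim in SAMPLES:
        verdict = "pass" if dmarc_pass(frm, spf, dkim) else "fail"
        print(f"{verdict}: {desc}")
```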