Re: [dmarc-ietf] Identification of an email author (was - Re: IETF Mailing Lists and DMARC)
Franck Martin <franck@peachymango.org> Mon, 07 November 2016 23:23 UTC
Return-Path: <franck@peachymango.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2F9E129BCD; Mon, 7 Nov 2016 15:23:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=peachymango.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dl1hHxmRwJeV; Mon, 7 Nov 2016 15:23:53 -0800 (PST)
Received: from zmcc-5-mx.zmailcloud.com (zmcc-5-mx.zmailcloud.com [192.198.93.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 935EA129BC8; Mon, 7 Nov 2016 15:23:36 -0800 (PST)
Received: from zmcc-5-mta-1.zmailcloud.com (127.37.197.104.bc.googleusercontent.com [104.197.37.127]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by zmcc-5-mx.zmailcloud.com (Postfix) with ESMTPS id B7353520212; Mon, 7 Nov 2016 18:23:35 -0500 (EST)
Received: from localhost (localhost [127.0.0.1]) by zmcc-5-mta-1.zmailcloud.com (Postfix) with ESMTP id 624CFC2411; Mon, 7 Nov 2016 17:23:35 -0600 (CST)
Received: from zmcc-5-mta-1.zmailcloud.com ([127.0.0.1]) by localhost (zmcc-5-mta-1.zmailcloud.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id HMxk3E-4XRtp; Mon, 7 Nov 2016 17:23:33 -0600 (CST)
Received: from localhost (localhost [127.0.0.1]) by zmcc-5-mta-1.zmailcloud.com (Postfix) with ESMTP id CE14EC248A; Mon, 7 Nov 2016 17:23:33 -0600 (CST)
DKIM-Filter: OpenDKIM Filter v2.9.2 zmcc-5-mta-1.zmailcloud.com CE14EC248A
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=peachymango.org; s=61F775A4-4A7F-11E4-A6BB-61E3068E35F6; t=1478561013; bh=Tg5YPQ/9TxDbgq83mDJz8P/5zNLBE1VlDtQ3cc82g9Q=; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type: Content-Transfer-Encoding; b=GGcNHVC8Z3UoFdT6XoCQnr4ORNqxx4OQKXFSqXvwRdQUhzRACDgmlNpjtxcNQ2SUE 2WURZ4U49juRo8D40vlAE9SKkoxD0wjzKxD3b61GxtmCMZdEZJVtHdT0g0kDAn4LtI r04tCyu542hBCXIpg9b2LhnAbx05pQIgCUO2AUGc=
X-Virus-Scanned: amavisd-new at zmcc-5-mta-1.zmailcloud.com
Received: from zmcc-5-mta-1.zmailcloud.com ([127.0.0.1]) by localhost (zmcc-5-mta-1.zmailcloud.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id WVWjMFi37n-z; Mon, 7 Nov 2016 17:23:33 -0600 (CST)
Received: from zmcc-5-mailbox-1.zmailcloud.com (zmcc-5-mailbox-1.zmailcloud.com [10.240.0.12]) by zmcc-5-mta-1.zmailcloud.com (Postfix) with ESMTP id A7443C23FD; Mon, 7 Nov 2016 17:23:33 -0600 (CST)
Date: Mon, 07 Nov 2016 17:23:33 -0600
From: Franck Martin <franck@peachymango.org>
To: dcrocker <dcrocker@bbiw.net>
Message-ID: <460339986.19029473.1478561013458.JavaMail.zimbra@peachymango.org>
In-Reply-To: <WM!fa1df0b3499ebffb6af13b0aa7daba982511fae9c686131a51b99f5e583e2527c453cc0c69724be95ce4afc16c11e342!@mailstronghold-3.zmailcloud.com>
References: <678C2FBA-A661-4556-A300-5C08562B5F8A@iii.ca> <CO2PR00MB0103566D260F9BFEC7166C9B96A20@CO2PR00MB0103.namprd00.prod.outlook.com> <5FA03832-D38F-47F2-B974-7C903C7513FD@fugue.com> <CO2PR00MB01034350A8C90A1E039336F796A20@CO2PR00MB0103.namprd00.prod.outlook.com> <WM!9664810c615567bf070fc649d954183e561aaa67977ebde37433238a98da7930f34ca08db8c430e48500f1e63f6d7622!@mailstronghold-1.zmailcloud.com> <713098835.18678872.1478547678821.JavaMail.zimbra@peachymango.org> <969d43d4-78c9-6e44-e186-ca6ed6fa3445@dcrocker.net> <WM!fa1df0b3499ebffb6af13b0aa7daba982511fae9c686131a51b99f5e583e2527c453cc0c69724be95ce4afc16c11e342!@mailstronghold-3.zmailcloud.com>
Subject: Re: [dmarc-ietf] Identification of an email author (was - Re: IETF Mailing Lists and DMARC)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Zimbra 8.6.0_GA_1194 (ZimbraWebClient - FF49 (Mac)/8.6.0_GA_1194)
Thread-Topic: Identification of an email author (was - Re: IETF Mailing Lists and DMARC)
Thread-Index: 64e06B0gZM2UZeRnR9+xHVStAJg6OQ==
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/f_5wqErbUF77pb2JCtP8t0infqQ>
Cc: dmarc@ietf.org, IETF <ietf@ietf.org>, Terry Zink <tzink@exchange.microsoft.com>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Nov 2016 23:23:55 -0000
----- Original Message ----- > From: "Dave Crocker" <dcrocker@gmail.com> > To: "Franck Martin" <franck@peachymango.org>, "Terry Zink" <tzink@exchange.microsoft.com> > Cc: dmarc@ietf.org, "Ted Lemon" <mellon@fugue.com>, "IETF" <ietf@ietf.org> > Sent: Monday, November 7, 2016 2:46:54 PM > Subject: Re: [dmarc-ietf] Identification of an email author (was - Re: IETF Mailing Lists and DMARC) > On 11/7/2016 11:41 AM, Franck Martin wrote: >> The EAI WG found it was fine to remove the obligation to have an email >> address part in the mandatory RFC5322.From header, leaving only the >> display part to assert the original author. > > We had that relaxed permission for From:, in the original > From/Sender/Reply-to specification of rfc733, with the requirement that > there be a Sender: email address. It looks like we removed it for rfc822. > > And while I recall something of the EAI discussion, I'm not recalling > this permission's being returned. Nor am I finding it in rfc6854: > > https://tools.ietf.org/html/rfc6854#section-2 > > So, please point to the formal specification that permits a From: field > to have no email address. > I'm not great at ABNF, so please bear with me. My understanding is that RFC proposes the following change: from = "From:" mailbox-list CRLF TO from = "From:" (mailbox-list / address-list) CRLF They are defined by: mailbox-list = (mailbox *("," mailbox)) / obs-mbox-list address-list = (address *("," address)) / obs-addr-list furthermore: address = mailbox / group mailbox = name-addr / addr-spec name-addr = [display-name] angle-addr angle-addr = [CFWS] "<" addr-spec ">" [CFWS] / obs-angle-addr group = display-name ":" [group-list] ";" [CFWS] display-name = phrase mailbox-list = (mailbox *("," mailbox)) / obs-mbox-list address-list = (address *("," address)) / obs-addr-list group-list = mailbox-list / CFWS / obs-group-list So if you follow the fact that the new from can contain an address list, and that an address can be either a mailbox or a group and that a group can be 'undisclosed sender:;' So you could find an email with the following header From: undisclosed sender:; and that would be ok as per rfc6854 Note the security consideration in same RFC that "discourages" the use of the group syntax, but as a receiver, I would claim, this increases the level of secret sauce to apply to evaluate an email...
- Re: IETF Mailing Lists and DMARC Dave Crocker
- IETF Mailing Lists and DMARC Cullen Jennings
- Re: IETF Mailing Lists and DMARC John Levine
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC John Levine
- RE: IETF Mailing Lists and DMARC MH Michael Hammer (5304)
- RE: IETF Mailing Lists and DMARC John R Levine
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC John Levine
- Re: IETF Mailing Lists and DMARC Dave Crocker
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC Paul Hoffman
- Re: IETF Mailing Lists and DMARC John C Klensin
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC Michael Richardson
- Re: IETF Mailing Lists and DMARC Yoav Nir
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC Yoav Nir
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Hector Santos
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Dave Crocker
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Brandon Long
- Re: IETF Mailing Lists and DMARC Cullen Jennings
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Cullen Jennings
- Re: IETF Mailing Lists and DMARC S Moonesamy
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Brian E Carpenter
- Re: IETF Mailing Lists and DMARC John Levine
- Re: IETF Mailing Lists and DMARC John Levine
- Identification of an email author (was - Re: [dma… Dave Crocker
- Re: IETF Mailing Lists and DMARC Ted Lemon
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Theodore Ts'o
- RE: [dmarc-ietf] IETF Mailing Lists and DMARC Terry Zink
- Re: IETF Mailing Lists and DMARC John Levine
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Theodore Ts'o
- Next step on IETF Mailing Lists and DMARC Alexey Melnikov
- Re: IETF Mailing Lists and DMARC Bob Hinden
- RE: IETF Mailing Lists and DMARC MH Michael Hammer (5304)
- Re: IETF Mailing Lists and DMARC Ted Lemon
- RE: [dmarc-ietf] IETF Mailing Lists and DMARC Terry Zink
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Andrew G. Malis
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Steve Atkins
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Andrew G. Malis
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Theodore Ts'o
- Options for temporary operational solution to DMA… Ted Lemon
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Brandon Long
- Re: [dmarc-ietf] Identification of an email autho… Brandon Long
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Franck Martin
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Hector Santos
- Re: Options for temporary operational solution to… Andrew G. Malis
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC John C Klensin
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Ted Lemon
- Re: IETF Mailing Lists and DMARC Michael Richardson
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Michael Richardson
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Michael Richardson
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC John C Klensin
- Re: Options for temporary operational solution to… John Leslie
- RE: [dmarc-ietf] Identification of an email autho… Terry Zink
- Re: Options for temporary operational solution to… Toerless Eckert
- Re: [dmarc-ietf] Identification of an email autho… Ted Lemon
- Re: Options for temporary operational solution to… John Levine
- RE: [dmarc-ietf] Identification of an email autho… Terry Zink
- Re: Options for temporary operational solution to… Ted Lemon
- RE: [dmarc-ietf] IETF Mailing Lists and DMARC Christian Huitema
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Brian E Carpenter
- Re: Options for temporary operational solution to… Michael Richardson
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Michael Richardson
- Re: Options for temporary operational solution to… Dave Crocker
- Re: [dmarc-ietf] Identification of an email autho… Franck Martin
- Re: [dmarc-ietf] Identification of an email autho… Khaled Omar
- Re: [dmarc-ietf] Identification of an email autho… S Moonesamy
- Re: [dmarc-ietf] IETF Mailing Lists and DMARC Brandon Long
- Re: [dmarc-ietf] Identification of an email autho… Dave Crocker
- Re: [dmarc-ietf] Identification of an email autho… Dave Crocker
- Re: [dmarc-ietf] Identification of an email autho… ned+ietf
- Re: [dmarc-ietf] Identification of an email autho… Franck Martin
- Re: [dmarc-ietf] Identification of an email autho… Dave Crocker
- Re: [dmarc-ietf] Identification of an email autho… John C Klensin
- Re: [dmarc-ietf] Identification of an email autho… Brandon Long