[ih] Email behavior (better subject ID...)
Steffen Nurpmeso
steffen at sdaoden.eu
Mon Sep 6 06:40:11 PDT 2021
dcrocker at bbiw.net wrote in
<000617d0-d4d5-0d3d-6a09-553de14d62a7 at dcrocker.net>:
...
|For author domains that publish a DMARC record -- and sometimes for all
|authors -- some/many mailing lists now patch the From: field to avoid
|rejection by final recipients. Mailing lists break DMARC validation.
|
|The hack is to change the From: field address, so it doesn't have the
|author's domain name, and to modify the display-name so it signals that
|a modification took place. They also create a Reply-to field (if there
|wasn't already one -- and sometimes even if there is -- adding the
|original author's address, so that recipients can still reply to the \
|author.
...
|The actual culprit is DMARC, which enforces authenticated From header
|field domain name use. If there is a DMARC record for that domain and
|the domain isn't authenticated, receiving systems might choose to reject
|the mail or handle it differentially.
|
|Authenticated? This is done by SPF or DKIM. SPF is the mechanism that
|'authorizes' sending MTAs. It validates for only one email hop. DKIM
|uses a digital signature mechanism on some of the message object. It
|works through regular email relaying, but pretty much never through
|mailing lists, which change some of the data that are part of the DKIM
|signature.
|
|There's a recent, added mechanism, called ARC, that is intended to
|mitigate this mailing list DMARC problem. We'll see how it fares.
And RFC 9057 which added the Author: header field that likely
would have avoided this obnoxious situation when it would have
been shipped alongside DMARC.
It felt it would be nice if the big players would bend their minds
and enforce it instead (..so much i added at least production
support for my tiny little MUA on June 23rd).
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
More information about the Internet-history
mailing list