[ih] Correct name for early TCP/IP working group?

[Dave Crocker]

On 1/31/2025 4:46 PM, Brian E Carpenter via Internet-history wrote:
> But ISOC's choice is to
> rewrite the nominal sender of the mail to match the actual sender, i.e.
>    Jack Haverty via Internet-history <internet-history at elists.isoc.org>
> for your messages, so naturally they will not be signed by you when they
> reach subscribers. That's "doing it right" in the era of pervasive spam. 


1. It was not signed by him originally.  It was signed by his platform 
operator, on behalf of his email domain name owner.  The distinction is 
not minor.

2, The signature was intended to cover a single posting and a single 
delivery.  It work quite nicely for that.  The delivery was to the 
mailing list platform.  I.e, the addressee.  The problem is with 
expecting it to survive modifications to the message, by the mailing 
list, though that was never a design goal.  This expectation is because 
of DMARC and nothing else.

3.  DMARC was designed for simple, basic 'direct' transmissions from a 
bulk sender to immediate recipients.  It was never intended for broader 
use.  But some large consumer email providers repurposed it, causing the 
problem we have now.

4. ISOC's revision to the From: field -- which is a common practice now 
-- means that mail from Jack is seen by your email software as not from 
Jack.  So how it is sorted and threaded depends on how it got to you.  
Oh, and it means the field is not useful for replies.  So the Reply-To: 
field also is co-opted.

5. Your use of the word 'sender' is apt, because what this has done is 
to make the From: field actually serve as the Sender: field (cf, RFC 733).

6. There is now an Author: field defined in an RFC, as a means of 
stashing the actual author email address and have it survive the 
requisite mailing list corruption of the From: field.  To my knowledge, 
no one yet supports its use.

7. Best irony of all is that the mailing list modification of the From: 
field essentially and easily defeats DMARC, by bypassing it.

Oh, and DMARC's protection of the From: field has nothing to do with 
end-users, since most never see that address and those that do do not 
make anti-abuse decisions based on it.  They are tricked by the message 
content, not the message From:.

So abuse of the From: by having an unauthorized domain name is useful 
only as a matter of correlation, not because it is inherently useful.  
If protection against that correlational abuse is effective enough, 
abusers will simply stop using it.

And that won't affect volume or effectiveness of spam at all...

d/

-- 
Dave Crocker

Brandenburg InternetWorking
bbiw.net
bluesky: @dcrocker.bsky.social
mast: @dcrocker at mastodon.social