nanog mailing list archives
Re: Incoming SMTP in the year 2017 and absence of DKIM
From: Grant Taylor via NANOG <nanog () nanog org>
Date: Wed, 29 Nov 2017 14:27:28 -0700
On 11/29/2017 11:35 AM, Brian Kantor wrote:
As I see it, the problem isn't with DKIM,
I don't think DKIM is (the source of) /the/ problem per say. Rather I think it's a complication of other things (DMARC) that interact with DKIM.
it's with the implementation of DMARC and other such filters. Almost all of them TEST THE WRONG FROM ADDRESS. They compare the Author's address (the header From: line) instead of the Sender's address, (the SMTP Mail From: transaction or Sender: header line).
I believe it's more than just the implementation. The DMARC specification specifically calls out the RFC 5322 From: header.
Further, RFC 7489, Appendix A, § 3 speaks directly to this.
If the filter checked the Sender address of mail instead of the Author address, mailing lists wouldn't be broken!
Perhaps. However I fear we would be facing an entirely new type of spam that used spoofed From: headers and perfectly legitimate Sender: headers (that also match the RFC 5321 SMTP FROM address.) See RFC 7489 § A.3.1
-- Grant. . . . unix || die
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- RE: Incoming SMTP in the year 2017 and absence of DKIM, (continued)
- RE: Incoming SMTP in the year 2017 and absence of DKIM Keith Medcalf (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Michael Thomas (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Grant Taylor via NANOG (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Michael Thomas (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Grant Taylor via NANOG (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Chuck Anderson (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM John Levine (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Grant Taylor via NANOG (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM Grant Taylor via NANOG (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM John Levine (Dec 01)
- RE: Incoming SMTP in the year 2017 and absence of DKIM Keith Medcalf (Dec 01)
- Re: Incoming SMTP in the year 2017 and absence of DKIM John Levine (Dec 01)