Incoming SMTP in the year 2017 and absence of DKIM
Grant Taylor
gtaylor at tnetconsulting.net
Wed Nov 29 21:27:28 UTC 2017
On 11/29/2017 11:35 AM, Brian Kantor wrote:
> As I see it, the problem isn't with DKIM,
I don't think DKIM is (the source of) /the/ problem per se. Rather I
think it's a complication of other things (DMARC) that interact with DKIM.
> it's with the
> implementation of DMARC and other such filters. Almost all
> of them TEST THE WRONG FROM ADDRESS. They compare the Author's
> address (the header From: line) instead of the Sender's address,
> (the SMTP Mail From: transaction or Sender: header line).
I believe it's more than just the implementation. The DMARC
specification specifically calls out the RFC 5322 From: header.
Further, RFC 7489, Appendix A, § 3 speaks directly to this.
> If the filter checked the Sender address of mail instead of the
> Author address, mailing lists wouldn't be broken!
Perhaps. However I fear we would be facing an entirely new type of spam
that used spoofed From: headers and perfectly legitimate Sender: headers
(that also match the RFC 5321 SMTP FROM address.) See RFC 7489 § A.3.1.
--
Grant. . . .
unix || die
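
The trade-off discussed in this exchange, as an added example that is not part of either poster's message: a relaxed-alignment check run once against the RFC 5322 From: domain (what RFC 7489 specifies) and once against the Sender identity (the alternative proposed in the quoted text). The function names, the two-label organizational-domain shortcut, and the sample messages are assumptions made for illustration; SPF and DKIM verdicts are supplied as inputs rather than computed.

```python
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: the last two labels stand in for the Public Suffix List
    # lookup a real DMARC implementation uses for the Organizational Domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def domain_of(address):
    return parseaddr(address)[1].rpartition("@")[2]

def aligned(a, b):
    return bool(a and b) and org_domain(a) == org_domain(b)

def passes(identity, mail_from, spf_pass, dkim_domains):
    """Relaxed alignment: identity must match an authenticated domain."""
    d = domain_of(identity)
    spf_ok = spf_pass and aligned(d, domain_of(mail_from))
    dkim_ok = any(aligned(d, signer) for signer in dkim_domains)
    return spf_ok or dkim_ok

def evaluate(raw, mail_from, spf_pass, dkim_domains):
    """Return the verdict keyed on From: and on Sender (or MAIL FROM)."""
    msg = message_from_string(raw)
    sender = msg.get("Sender") or mail_from
    return {
        "from": passes(msg.get("From", ""), mail_from, spf_pass, dkim_domains),
        "sender": passes(sender, mail_from, spf_pass, dkim_domains),
    }

# Constructed samples: (raw message, SMTP MAIL FROM, SPF verdict for that
# MAIL FROM, d= domains of DKIM signatures that verified).
DIRECT = ("From: Alice <alice@example.com>\nSubject: hi\n\nbody\n",
          "alice@example.com", True, ["example.com"])
# List relay: the footer broke the author's DKIM signature; SPF passes only
# for the list's own bounce domain.
LIST = ("From: Alice <alice@example.com>\n"
        "Sender: list-bounces@lists.example.net\nSubject: [list] hi\n\nbody\n",
        "list-bounces@lists.example.net", True, [])
# Unrelated domain that authenticates itself but names another author.
SPOOF = ("From: Alice <alice@example.com>\n"
         "Sender: bulk@mailer.example.org\nSubject: hi\n\nbody\n",
         "bulk@mailer.example.org", True, ["example.org"])

if __name__ == "__main__":
    for name, sample in (("direct", DIRECT), ("list", LIST), ("spoof", SPOOF)):
        print(name, evaluate(*sample))
```

Keyed on Sender, the list message passes, but so does the third sample, whose authenticated identity has no relation to the From: address the recipient sees.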