Incoming SMTP in the year 2017 and absence of DKIM
- Subject: Incoming SMTP in the year 2017 and absence of DKIM
- From: gtaylor at tnetconsulting.net (Grant Taylor)
- Date: Wed, 29 Nov 2017 14:27:28 -0700
- In-reply-to: <[email protected]>
- References: <[email protected]>
On 11/29/2017 11:35 AM, Brian Kantor wrote:
> As I see it, the problem isn't with DKIM,
I don't think DKIM is (the source of) /the/ problem per se. Rather I
think it's a complication of other things (DMARC) that interact with DKIM.
> it's with the
> implementation of DMARC and other such filters. Almost all
> of them TEST THE WRONG FROM ADDRESS. They compare the Author's
> address (the header From: line) instead of the Sender's address,
> (the SMTP Mail From: transaction or Sender: header line).
I believe it's more than just the implementation. The DMARC
specification specifically calls out the RFC 5322 From: header.
Further, RFC 7489, Appendix A, § 3 speaks directly to this.
> If the filter checked the Sender address of mail instead of the
> Author address, mailing lists wouldn't be broken!
Perhaps. However I fear we would be facing an entirely new type of spam
that used spoofed From: headers and perfectly legitimate Sender: headers
(that also match the RFC 5321 SMTP FROM address.) See RFC 7489 § A.3.1.
--
Grant. . . .
unix || die
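
The two checks discussed in this message, compared side by side as an added example (not part of the original post and not code from any DMARC implementation). Assumptions: the function names are hypothetical, SPF and DKIM results are passed in rather than computed, the organizational domain is approximated by the last two labels, and all messages are constructed samples on reserved example domains.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(addr):
    """Domain part of an address such as 'Alice <alice@example.org>'."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def org_domain(domain):
    # Assumption: last two labels stand in for the organizational domain.
    # Real DMARC relaxed alignment uses the Public Suffix List.
    return ".".join(domain.split(".")[-2:])

def aligned(identity, authenticated):
    return any(identity and org_domain(identity) == org_domain(d)
               for d in authenticated)

def evaluate(raw, mail_from, spf_pass, dkim_pass_domains):
    """Compare the RFC 7489 check (header From:) with a hypothetical
    filter keyed on Sender: (falling back to the SMTP MAIL FROM)."""
    msg = message_from_string(raw)
    authenticated = set(dkim_pass_domains)
    if spf_pass:
        authenticated.add(domain_of(mail_from))
    author = domain_of(msg["From"])
    sender = domain_of(msg["Sender"] or mail_from)
    return {"from_check": aligned(author, authenticated),
            "sender_check": aligned(sender, authenticated)}

# Constructed sample messages (reserved example domains).
DIRECT = "From: Alice <alice@example.org>\nSubject: hi\n\nbody\n"
VIA_LIST = ("From: Alice <alice@example.org>\n"
            "Sender: list-bounces@lists.example.net\n"
            "Subject: [list] hi\n\nbody\n-- list footer\n")
SPOOFED = ("From: Accounts <billing@victim.example>\n"
           "Sender: news@bulk.example\nSubject: invoice\n\nbody\n")

def run_cases():
    return {
        # Author's own server: SPF and DKIM pass for example.org.
        "direct": evaluate(DIRECT, "alice@example.org", True, ["example.org"]),
        # The list altered the body, so the author's DKIM signature no longer
        # verifies; only the list's own envelope domain authenticates.
        "list": evaluate(VIA_LIST, "list-bounces@lists.example.net", True, []),
        # Unrelated sender authenticates its own domain, names another in From:.
        "spoof": evaluate(SPOOFED, "news@bulk.example", True, ["bulk.example"]),
    }

if __name__ == "__main__":
    for name, result in run_cases().items():
        print(name, result)
```

The list-relayed message and the spoofed message produce identical results under both checks: the From:-based check rejects both, and the Sender-based check accepts both.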