On 10/9/20 11:06 PM, Viktor Dukhovni wrote:
> On Fri, Oct 09, 2020 at 10:59:33PM -0400, Demi M. Obenour wrote:
>
>> I love DKIM, but it should have been on the Sender header and not
>> the From header. However, for that to work, MUAs would have had to
>> display something like "f...@example.com claims that this message
>> is from f...@example.com and b...@example.com", and they do not.
>
> Actually, Outlook does exactly that, and other MUAs would have come on
> board if there was good cause to do that. At this point however, nobody
> is investing much money in MUA development. All the $$$ are going into
> walled-garden cloud webmail systems. :-(

Someone should probably file enhancement requests with other MUAs.
And at least NeoMutt and Thunderbird are actively developed.

>> That led to the current design.
>
> You're perhaps confusing DKIM with DMARC. DKIM just signs the message
> content and whatever headers it is configured to sign. It is mere
> integrity protection, not policy. The signing domain is determined from
> the selector and the "d" field in the DKIM header, and is not tied to
> either From or Sender.
>
> DKIM is fine. The actual breakage is in DMARC.

Sadly, it is too late to change DMARC. Hopefully we can add a new
header that means what From once did. Doing away with DMARC isn't an
option either, as it creates a massive security hole.

Demi
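
The distinction drawn in the thread above, as an added example that is not part of the original message: it reads the `d=` and `s=` tags of a DKIM-Signature header to find the signing domain and key location, then compares that domain with From and Sender, which is the comparison DMARC adds on top of DKIM. The message, addresses and selector are constructed, the `bh=`/`b=` values are placeholders, and no signature is verified.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message whose signature is made by the Sender's domain.
RAW = """\
From: alice@example.com
Sender: list-bounces@lists.example.org
Subject: hello
DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.org; s=sel2020;
 h=from:sender:subject; bh=PLACEHOLDER; b=PLACEHOLDER

body
"""

def dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = "".join(v.split())  # drop folding whitespace
    return tags

def domain_of(header_value):
    """Domain part of the address in a From/Sender header, lowercased."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def analyze(raw):
    msg = message_from_string(raw)
    tags = dkim_tags(msg["DKIM-Signature"])
    d = tags["d"].lower()
    return {
        # DKIM: the signer is whoever d= names; the key lives under s=._domainkey.d=
        "signing_domain": d,
        "key_record": f'{tags["s"]}._domainkey.{d}',
        "signed_headers": tags["h"].lower().split(":"),
        # DKIM requires neither of these matches. DMARC (strict alignment)
        # requires the first; relaxed alignment compares organizational
        # domains instead, which needs a public-suffix lookup not done here.
        "matches_from": d == domain_of(msg["From"]),
        "matches_sender": d == domain_of(msg["Sender"]),
    }

if __name__ == "__main__":
    for key, value in analyze(RAW).items():
        print(f"{key}: {value}")
```
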