[dmarc-discuss] MLM and Header-From rewritting - the SMTP open-relay analogy
jgomez at seryrich.com
Fri Jun 6 13:59:02 PDT 2014
I cannot stop thinking that the push-back against MLMs rewriting the Header-From is akin to the push-back of about 28 years ago from some people against the move to consider SMTP open-relays harmful.
Closing SMTP open-relays impedes open and unrestricted email communication, they said, and it was true. Having SMTP open-relays is the way it has always been done, they said, and it was true. SMTP open-relays embody the original spirit and intent of the Internet, they said, and it was true.
But the reality is that there was a very bad problem in the real world, it was spam, and something had to be done about it. And it was done, and SMTP open-relays were eventually closed, and many people had to go through the process of adjusting to the new email scenario.
Now we hear that MLMs using the original remote sender in the Header-From is the way it has always been done, and it is true, that using the original remote sender in the Header-From is more useful for the final recipient, and it is true, that using the original remote sender in the Header-From is embodied in the Ten Commandments of the olden RFC, and it is true.
But, also now, the reality is that there is a very bad problem in the real world, it is phishing, and something as to be done about it. And it has been proposed, and works well to combat it, and its name is DMARC.
So will DMARC be the new "no-open-relays reality" of the email scene, and get adopted, even if that entails changing old email habits?
I hope so, and I hope that those who are collateral damage to DMARC finally adapt to the new email scenario -- for example, accepting to rewrite the Header-From in their MLMs traffic.
Crazy analogy? Apt analogy?
(I am already wearing my asbestos suit, so feel free to fire at your discretion.)
More information about the dmarc-discuss