Rhialto <rhialto%falu.nl@localhost> writes:

> Personally, I would consider everything that changes my From: header
> to be a misrepresentation and fraud.

Agreed, basically.

> So SPF and DKIM are... not my favourites.

They aren't the problem.

DKIM is a signature put on by the sending domain's MTA, and when the
message is modified, it correctly detects that problem.

SPF can be used to check, when a MAIL FROM identity is asserted
(envelope sender), that the sending domain is ok with it coming from
that address. Checking this can allow declining messages with forged
MAIL FROM.

The problem is the combination of

  DKIM, and DKIM mandatory checking (DMARC)

  mailing lists that modify the mail, to make it be something different
  from what the sender sent (changing subject, adding junk at the end
and NetBSD's mailing lists do not have these modification problems.
(This is not surprising; NetBSD has a culture of good judgement. :-)

The next problem is that when mailing lists are modifying mail and
running into DMARC issues, a typical response is to forge more headers,
rather than refraining from modifying the message.
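
A small model of the point made above about list modifications and DKIM, added here as an illustration and not part of the original message: it applies DKIM's "relaxed" canonicalization (RFC 6376) to a message as sent and as redistributed, and reports which list changes would invalidate the sender's signature. It compares canonical forms instead of verifying an RSA signature; the messages, addresses and the `dkim_breakage` helper are constructed for the example.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 'relaxed' body canonicalization."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":      # ignore empty lines at the end
        lines.pop()
    return b"\r\n".join(lines) + b"\r\n" if lines else b""

def body_hash(body: bytes) -> str:
    """Value that would appear in the bh= tag (SHA-256, base64)."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def relaxed_header(name: str, value: str) -> str:
    """RFC 6376 'relaxed' header canonicalization for one field."""
    value = re.sub(r"\r\n(?=[ \t])", "", value)          # unfold
    value = re.sub(r"[ \t]+", " ", value).strip(" ")     # collapse and trim WSP
    return f"{name.lower()}:{value}\r\n"

def dkim_breakage(sent: dict, delivered: dict, signed=("from", "subject")) -> list:
    """List the changes that invalidate a signature made over `sent`."""
    problems = []
    if body_hash(sent["body"]) != body_hash(delivered["body"]):
        problems.append("body hash (bh=) mismatch")
    for h in signed:
        if relaxed_header(h, sent[h]) != relaxed_header(h, delivered[h]):
            problems.append(f"signed header changed: {h}")
    return problems

# Constructed sample messages (not taken from any real list).
SENT = {"from": "Alice <alice@example.org>",
        "subject": "pkgsrc question",
        "body": b"Hello list,\r\nDoes this build?\r\n"}
# A list that passes mail through; only whitespace differs in transit.
PASSTHROUGH = dict(SENT, body=b"Hello list,  \r\nDoes this build?\r\n\r\n")
# A list that tags the subject and appends a footer.
MODIFIED = dict(SENT, subject="[example-list] pkgsrc question",
                body=SENT["body"] + b"-- \r\nUnsubscribe: https://lists.example.org/\r\n")

if __name__ == "__main__":
    print("pass-through list:", dkim_breakage(SENT, PASSTHROUGH) or "signature survives")
    print("modifying list:   ", dkim_breakage(SENT, MODIFIED))
```
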