On 11/23/2020 7:38 AM, Todd Herr wrote:
On Mon, Nov 23, 2020 at 9:50 AM Joseph Brennan <[email protected]
<mailto:[email protected]>> wrote:
On Sat, Nov 21, 2020 at 7:14 PM John Levine <[email protected]
<mailto:[email protected]>> wrote:
This also means that ARC isn't useful if you don't have a
reputation
system to tell you where the lists and other forwarders
that might add
legit ARC signatures are.
And if you know which hosts are legit mailing lists or forwarders,
you already know what ARC would tell you.
I believe, though, that the intent of ARC is that it be scalable in
ways that manual enumeration of known legit mailing lists and
forwarders is not.
"if you know which hosts are legit" buries an assumption that is
problematic, namely that you know who handled the message. The fack
that a message purports to be handled by a mailing list you trust does
not mean it actually was.
That's the issue that ARC resolves.
ARC (and DKIM) produce noise-free uses of identifiers. If the
authentication validates, the receiver knows is really was handled by
who is saying it was handled by. Without these, you don't.
d/
--
Dave Crocker
[email protected]
408.329.0791
Volunteer, Silicon Valley Chapter
American Red Cross
[email protected]
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
