On Thursday, 30.12.2021 at 17:07 -0500, dove...@ptld.com wrote:
>
> On 12-30-2021 10:35 am, Felix Zielcke wrote:
> >
> > But dovecot mailing list uses ARC Headers.
> > And they seem to verify for me (using rspamd)
>
>
> I have not fully studied ARC, but from briefly looking isn't ARC just
> a way for the sending server to attest to the email it is relaying as
> being legit? So if the sending server is a spam server couldn't it
> lie and claim the mail is legit? If that is the case I'm not sure
> what the point of ARC is, how does it prevent fraud? It's like asking
> a liar if they are lying and taking their word for it. And I assumed
> this is why ARC never really took off.

Spam senders can set up valid SPF + DKIM too. The only difference is a malicious relay could make ARC headers for e.g. microsoft.com even though DKIM didn't pass. So yeah, you need more trust with ARC. But I think you can trust the dovecot mailing list server.
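
The trust point discussed in this thread, as an added example that is not part of the original messages: a receiver-side policy check that uses the DKIM result claimed in an ARC chain only when every sealing domain is on a local allowlist. `honor_arc`, `TRUSTED_SEALERS`, the `chain_verified` input and the sample domains are assumptions; signature verification is assumed to be done by the mail filter, and allowlisting every sealer is one conservative policy choice.

```python
import re
from email import message_from_string

# Constructed sample: one ARC set added by a list server. Signature values
# are placeholders; cryptographic checking is left to the real verifier.
SAMPLE = (
    "ARC-Seal: i=1; a=rsa-sha256; cv=none; d=lists.example.org; s=arc; b=PLACEHOLDER\n"
    "ARC-Message-Signature: i=1; a=rsa-sha256; d=lists.example.org; s=arc; b=PLACEHOLDER\n"
    "ARC-Authentication-Results: i=1; lists.example.org; dkim=pass header.d=sender.example\n"
    "From: user@sender.example\n"
    "Subject: test\n\nbody\n"
)
TRUSTED_SEALERS = {"lists.example.org"}  # hypothetical local allowlist

def tags(value):
    """Parse a 'k=v; k=v' tag list into a dict."""
    return dict(re.findall(r"(\w+)\s*=\s*([^;\s]+)", value))

def honor_arc(raw, chain_verified, trusted=TRUSTED_SEALERS):
    """Decide whether the DKIM result claimed in the ARC chain may be used.

    chain_verified: outcome of cryptographic ARC validation done elsewhere
    (assumption: supplied by the MTA or spam filter, not computed here).
    """
    msg = message_from_string(raw)
    seals = {int(t["i"]): t for t in map(tags, msg.get_all("ARC-Seal", []))}
    aars = {int(t["i"]): t for t in
            map(tags, msg.get_all("ARC-Authentication-Results", []))}
    if not seals:
        return False, "no ARC chain"
    n = max(seals)
    if sorted(seals) != list(range(1, n + 1)) or set(aars) != set(seals):
        return False, "broken chain: instance numbers not contiguous"
    for i in range(1, n + 1):
        # The first sealer has no earlier chain to validate; later ones must pass.
        if seals[i].get("cv") != ("none" if i == 1 else "pass"):
            return False, f"bad cv at i={i}"
    if not chain_verified:
        return False, "signatures did not verify"
    # A valid signature only proves who sealed, not that the sealer is honest.
    for i in range(1, n + 1):
        if seals[i].get("d") not in trusted:
            return False, f"untrusted sealer: {seals[i].get('d')}"
    if aars[1].get("dkim") != "pass":
        return False, "first hop did not report dkim=pass"
    return True, f"dkim=pass as reported by {seals[1]['d']}"

if __name__ == "__main__":
    print(honor_arc(SAMPLE, chain_verified=True))
    print(honor_arc(SAMPLE.replace("lists.example.org", "relay.invalid"), True))
```

The second call shows a chain that is structurally and cryptographically fine but sealed by a domain the receiver has no reason to believe, so its `dkim=pass` claim is ignored.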