> When DKIM passes there is no breakage, but a DKIM fail can, in some setups,
> lead to a reject, even for mailing lists.
> That is a design fail on DKIM.


I disagree. DKIM is doing its job. It is a design fail on the part of most 
mailing lists and/or a lack of users' DKIM signatures.

Look at it logically: DKIM is reporting that the email has been manipulated and 
isn't being delivered by the authorized server. Isn't that what you want out of 
DKIM? Detecting forged, phishing and spam email?

If you want to get emails that have been captured by a man in the middle, 
manipulated, then sent to you from a hacker's server, then why bother setting up 
DKIM at all? To us humans, we don't conceptually view a mailing list as doing 
that, but on the technical level that is what is happening when DMARC breaks.

It is possible for a mailing list to pass DMARC verification, but there doesn't 
seem to be a lot of motivation to put in the extra effort to make it work.



Regarding ARC:
I don't get it, I don't see it as useful. The only thing ARC does is tell you 
that the server sending you email promises the email is legit. How does that 
prevent spam/phishing when the attack server can ARC something saying trust me, 
it's legit? And the big 3 using ARC, so what, what does it even mean? Gmail is 
telling you yep, they got that email from someone else and are relaying it to 
you. What does that solve? Spammers send through Gmail accounts and use private 
domains relayed through Gmail servers for delivery. Great, ARC confirms it 
really was someone who sent that spam through Gmail and Gmail really did 
deliver it. How is that useful in fighting spam?

If I'm way off on that, feel free to set me straight.
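
Added example, not part of the message above or of any list software: a Python sketch of the DKIM body-hash (bh=) check from RFC 6376 with relaxed canonicalization, showing why a body altered in transit fails while a whitespace-only change does not. The sample messages and the appended list footer are constructed assumptions; the thread does not say what a given list changes, and header signature verification is not covered.

```python
import base64
import hashlib
import re


def relaxed_body(body: bytes) -> bytes:
    """Apply RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse runs of space/tab to one space and drop trailing whitespace.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    # Ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body: bytes) -> str:
    """Value a signer would place in bh= (sha256 over the relaxed body)."""
    digest = hashlib.sha256(relaxed_body(body)).digest()
    return base64.b64encode(digest).decode()


def bh_matches(signed_bh: str, received_body: bytes) -> bool:
    """Verifier-side check: recompute the hash over what actually arrived."""
    return body_hash(received_body) == signed_bh


# Constructed sample messages (not taken from the thread).
ORIGINAL = b"Hi all,\r\n\r\nPatch attached.\r\n"
REFLOWED = b"Hi all, \r\n\r\nPatch   attached.\r\n\r\n"  # whitespace-only changes
LIST_COPY = ORIGINAL + b"-- \r\nExample list footer (constructed)\r\n"


def demo() -> dict:
    signed_bh = body_hash(ORIGINAL)  # computed once by the author's server
    return {
        "direct": bh_matches(signed_bh, ORIGINAL),
        "reflowed": bh_matches(signed_bh, REFLOWED),
        "via_list": bh_matches(signed_bh, LIST_COPY),
    }


if __name__ == "__main__":
    for path, ok in demo().items():
        print(f"{path:9} body hash {'matches' if ok else 'MISMATCH'}")
```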
