On Wed, Mar 22, 2023 at 11:29 AM Murray S. Kucherawy <superu...@gmail.com>
wrote:

> On Sun, Mar 19, 2023 at 11:04 PM Emanuel Schorsch <emschorsch=
> 40google....@dmarc.ietf.org> wrote:
>
>> In my mind, there are two important things I would like to see achieved:
>>
>> 1) Distinguish indirect from direct flows (encode in some way which
>> server / mailingList the original DKIM message was intended to come from).
>> This is needed for domains that aren't easily identifiable as direct flows
>> (SPF isn't aligned by DKIM in the direct case).
>>
>
> Wasn't ARC meant to solve this?  What have the results been?
>

ARC has the same challenge that DKIM has when it comes to replay. How do I
know if this is direct mail or indirect mail? Which set of IPs should I
expect the direct mail to be sent from? ARC allows forwarders to
record/preserve authentication status but the same valid ARC headers can be
sent millions of times from all kinds of different servers.

>
>
>> 2) Give more info to identify benign indirect flows (E.g. "forwarded on
>> behalf of"). This is helpful for recognizing a recipient's desired indirect
>> flows.
>>
>
> I'm pretty sure this is easily spoofed.  So is any sort of tagging or
> header field manipulation mechanism.  The spammer just needs to make its
> mail look sufficiently like something you consider legitimate, and they're
> in.
>

That is why it would be nice to see a solution less trivially spoofable
than existing forwarding headers (e.g. X-Forwarded-For). If, for example,
forwarded-for is recorded in the ARC header, then you can restrict yourself
to trusting a specific pair of "forwarded-for" and ARC sealer, which is
much more trustworthy than the header alone.

But even an easily spoofable header is still useful. Easily spoofable
means that it doesn't provide much protection against phishing, but it does
make it substantially harder to scale for spam. Most people will have a
limited set of sources which they receive indirect mail for, and those will
vary widely between people. So if spammers, for the Forwarded-For header,
need to get the right value per recipient, it makes automating to a huge
scale much more difficult.


> -MSK
> _______________________________________________
> Ietf-dkim mailing list
> Ietf-dkim@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-dkim
>