On Fri, Apr 18, 2025 at 11:10 AM Alessandro Vesely <ves...@tana.it> wrote:
> > Indeed so, but reputation systems (because once again to state the
> > obvious, protocols cannot prevent bad email, but they can provide tools
> > for handling it efficiently) may take the view that a brand-new identity
> > that has acted as an intermediary to alter some email is not especially
> > trustworthy...
>
> This position leads to ARC-style authentication, where one must trust that
> the changes are benign.
>
> DKIM2 has change tracking. Can't we tell whether a change is evil or not?

I'd put that question back to you: Short of pervasive deployment of RFC 3514, how does one classify, programmatically, whether a message mutation is evil? I can find a way to abuse each of the examples you provided.

We need to be careful here to acknowledge that identifying what mutations might be acceptable isn't a matter of identifying "evil" so much as it is risk mitigation. Beyond that, here be dragons.

-MSK
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org