On 6 May 2022, at 3:48, Dan Mahoney via mailop wrote:

> If you’re already doing DKIM and SPF anyway, arc is another milter in the
> chain that gives you that benefit. (You want it after your DKIM and DMARC
> validators). You can leverage your same DKIM keys to use arc (or a different
> one), but it’s largely the same idea. Right now nobody is validating arc, but
> this is largely because nobody’s signing/sealing with it…because nobody is
> validating it…because nobody is signing/sealing with it….someone needs to
> move first.

I think there's slightly more at play. Besides "trusting" the big ones, how
would gushi.org know that it can trust libertad.link's ARC signatures? Or posed
in a different way, what prevents spammer.co from making a false attestation to
send spam made to look like it was sent from some innocent bystander? How do we
make this scale?

I think the response to those issues is in part the cause for the loop you
cleverly explained before.

Best regards

-lem

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
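
The trust question raised above, as an added example that is not part of the original message: one conservative receiver-side policy in which a structurally valid ARC chain is honoured only when every sealing domain is on a local allowlist. The allowlist, the `crypto_ok` flag standing in for the signature checks an ARC library or milter performs, `bystander.example` and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string

def sample(sealer):
    """Constructed one-hop message; b= is a placeholder, not a real signature."""
    return (
        f"ARC-Seal: i=1; a=rsa-sha256; cv=none; d={sealer}; s=k1; b=PLACEHOLDER\n"
        f"ARC-Authentication-Results: i=1; {sealer}; dmarc=pass header.from=bystander.example\n"
        "From: someone@bystander.example\n"
        "Subject: constructed sample\n\nbody\n"
    )

def tags(value):
    """Parse the 'k=v; k=v' tag list of an ARC header into a dict."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}

def arc_decision(raw, trusted_sealers, crypto_ok=True):
    """Return (verdict, detail). crypto_ok stands in for signature verification
    done elsewhere; this function only applies the local trust policy."""
    msg = message_from_string(raw)
    seals = [tags(v) for v in msg.get_all("ARC-Seal", [])]
    if not seals:
        return ("no-arc", None)
    seals.sort(key=lambda t: int(t["i"]) if t.get("i", "").isdigit() else 0)
    for n, seal in enumerate(seals, 1):
        # Structural rule: instances run 1..n, cv=none on the first, cv=pass after.
        if seal.get("i") != str(n) or seal.get("cv") != ("none" if n == 1 else "pass"):
            return ("chain-invalid", None)
    if not crypto_ok:
        return ("chain-invalid", None)
    unknown = [s.get("d", "") for s in seals if s.get("d", "").lower() not in trusted_sealers]
    if unknown:
        # A valid seal only proves who sealed, not that the sealer is honest.
        return ("ignore-arc", unknown)
    for value in msg.get_all("ARC-Authentication-Results", []):
        if tags(value).get("i") == "1":
            return ("use-arc", value.strip())
    return ("chain-invalid", None)

if __name__ == "__main__":
    trusted = {"libertad.link"}  # assumed local allowlist at the receiver
    for sealer in ("libertad.link", "spammer.co"):
        print(sealer, arc_decision(sample(sealer), trusted))
```

Both sample messages carry an identical `dmarc=pass` claim; only the receiver's own list of sealers separates them, which is why the policy does not scale beyond domains the receiver already knows.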