It appears that Hal Murray via mailop <halmurray+mai...@sonic.net> said: > >I expect that there would be a protocol to handle it. I can't be the only one >who has thought of this. After a handshke to set things up, the sender adds a >forwarding header and the receiver verifies that a forwarded message is coming >from an allowed IP Address then bypasses spam checking for that message. (but >not phish/malware checking???)
For your particular thing, I once asked someone from Google why they don't just whitelist mailing lists since they know where the lists are. They told me that the problem is that many lists do lousy filtering and all the time a real list will start leaking spam because someone's sending forged mail through it. So the point of ARC is to include enough info that the later recipient can do the filtering that the list didn't. For a likely example, it could allow messages that were DMARC aligned on the way into the list but not ones that weren't. There have been a lot of variations on that theme. I had a proposal for a "weak" DKIM signature that would usually be just on the From and Date and Message-ID headers, which is only valid if there is also a regular signature from a domain that the weak signature identifies. So you'd put your own weak signature which depended on a regular signature from the list: https://datatracker.ietf.org/doc/draft-levine-dkim-conditional/ Technically it could have worked but it'd be impossible to use since your DKIM signer would need a huge table of which destinations are lists and what signatures they'd use. R's, John _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
