On Wed 30/May/2018 16:13:12 +0200 Roland Turner via dmarc-discuss wrote: > On 29/05/18 23:05, Alessandro Vesely via dmarc-discuss wrote: >> [...] which includes pretty much all mail sites. The latter is *not* a >> slow-moving data set. It grows steadily. > > Steady growth *is* slow movement.
Uh? I run a tiny mail site and get about 1.6 new domains per hour. It is much slower than light, but still too fast for an embedded list... Any global figure, anywhere? >>> 1: Granted, the list becomes a priority list for compromise attempts, much >>> as >>> happened with ESPs several years ago, but sudden spikes in volume can be >>> treated as suspicious anyway, so the benefit in compromising a small >>> forwarder >>> is limited. >> >> Spamtraps will also work well, as usual. However, no spam indicator implies >> that the upstream ARC chain is faked. In theory, for example, ARC would >> allow >> me to switch to forward-before-filter (maybe CPU happened to cost me more >> than >> bandwidth, say.) In that case, you would tend to classify me as a spammer >> and >> possibly suspect that my keys were compromised. How to maintain the list >> remains unclear. > > You've lost me: > > * If you're forwarding unfiltered email to receivers who are able to make > good use of ARC information, and assuming that they still trust you, then > there is no problem here: you just have lousy filters. > * If you're forwarding to people for whom either of those things is false, > then you're shooting yourself in the foot. > > Don't be a bad neighbour: filter to the best of your ability, but don't sweat > the rest. Your neighbours are most unlikely to appreciate your dumping cost > onto them if you do otherwise. 100% agreed. The example —admittedly somewhat stretched— was meant to highlight the difficulty of substantiating statements like "I trust these guys not to lie in ARC signing/sealing". Best Ale -- _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)