On 25/05/18 19:00, Alessandro Vesely via dmarc-discuss wrote:
> Wasn't this tried for SPF already?

A whitelist of "I trust these guys to make exactly the same
abuse-filtering decisions that I'd make" and a whitelist of "I trust
these guys not to lie in ARC signing/sealing" are two very different things:
* The former is somewhat imaginary and generally devolves to "I trust
these guys to filter abuse at or better than my ability to do so",
which essentially means a handful of big guys.
* The latter could readily include every existing mailing list
operator, and add new ones with minimal fuss.
Your question is a bit like asking whether DMARC p=reject hadn't been
tried for ADSP already. In both cases yes, but with the addition of a
small but vital component (feedback in DMARC's case, no dependence upon
upstream filtering in ARC's case) that has the potential to immensely
alter the outcome.

> Assuming, for the sake of argument, that such a whitelist will be ready right
> after ARC's availability, by that time most mailing lists will have adjusted
> their From: rewriting so as to work smoothly with DMARC. Hence, by the "If it
> ain't broke, don't fix it" principle, I see no likely looking mass adoption of
> ARC+whitelist. What am I missing?

From the viewpoint of a lot of people[1], list handling is very broken at
present. Also, the thousands of small forwarding cases which break DKIM
aren't ever likely to be fixed because in each case doing so would break
someone's expectation. ARC creates no dilemmas (contrast asserting or
honouring -all, o=-, discardable, or even p=reject), but allows the vast
majority of the small forwarding cases to be fixed, and mailing list
behaviour to be restored to its traditional form.
I do take your point that there's a fait accompli risk, but I suspect
that there's enough residual pain on both fronts (indignation at
currently necessary list behaviour, smaller forwarding cases that just
break) that ARC's deployment will proceed. Whether we'll get to the
point where all MTA vendors recommend that ARC-signing be turned on
unconditionally (and the associated DNS gymnastics performed) is an open
question.
- Roland
1: I don't share this viewpoint, but accept it as a legitimate concern.