On 08 Apr 2015 20:12:46 EDT, "John R Levine" <jo...@taugh.com> wrote:
> > Assuming the schemes in those drafts worked, both cases have a valid list-whatever signature AND a valid author signature, AND you know the (a) or (b) added bit is solely the responsibility of the list (and, conversely, you also know where the original content starts and ends). Nobody's saying it's safe in any case, but you do know who did what, and that's more than we know today.
>
> Indeed, but I don't see why it's useful. If you're going to run stuff through content filters anyway, what's the point? This sounds like it's going to reduce to mostly whitelisting well behaved remailers, which is an approach we know large systems aren't likely to use.

But surely you're going to run all DMARC-OKed mail through content filters, too. The person in charge of your domain's DNS servers can't really assure me of anything except that the message I'm receiving came from your domain. Almost all the phishing and spam I see comes from compromised, legitimate, DMARC-certifiable sources. Maybe I'm safe rejecting unmediated mail that fails DMARC with p=reject, but everything else goes through content filters. So why is DMARC any more useful than these "hacks"?

MJA