On Tue, Jul 18, 2017 at 4:34 AM, Kurt Andersen <ku...@drkurt.com> wrote:
>
> Let's take ietf.org as an example. There are @ietf.org individuals and
> then there are all the mailing lists. If IETF wished to assert to receivers
> that all their mail was either mediated or came from designated internal
> servers, how would they do that?
>

I don't understand why this distinction matters. Either you send email that
authenticates and gets delivered, or that fails authentication but is ARC
signed and gets delivered. Everything else gets rejected or heavily
scrutinized. Where would this distinction add clarity or prevent abuse?
(I'm not saying it doesn't, just that I don't see it.)


>>> We've suggested (during M3AAWG sessions) that smaller recipients can build
>>> out a whitelist of "commonly seen" mediators, but might there be value in
>>> having a mediator publish some sort of DNS record that would indicate that
>>> they ARC seal mediated traffic? (We're deeming this not to be a problem for
>>> "big" receivers on the basis that they probably already know most of the
>>> major mediators within their traffic streams.)
>>>
>>
>> This is not why the white list exists. The white list exists as a
>> short-term hack for people without internal reputation systems to determine
>> trusted intermediaries (like the IETF, apache.org, etc.). Me publishing
>> that I'm trusted on my own DNS doesn't help ;-)
>>
>
> I realize that you cannot vouch for yourself, but you can say that you
> participate in ARC for mediated mail.
>

But isn't saying I participate in ARC done by ARC sealing a message?

And conversely, what if I'm ARC signing but either a) don't properly update
my DNS, or b) have a malformed DNS entry? Does this mean my good ARC
signature is thrown away? This feels like an avenue for operational
complexity that could slow ARC adoption. Upgrading your software to
properly seal messages is a low bar and we shouldn't increase the
complexity unless there's exceptional value to be gained.


> --Kurt
>
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
