On Tue, Sep 26, 2017 at 3:58 PM, John Levine <jo...@taugh.com> wrote:
> In article <59c8d406.7000...@openfortress.nl> you write: > >I am looking forward to your responses. Please keep me in Cc: if > possible? > > I hate to be totally negative, but this draft revives a lot of things > that we considered and rejected when we did DKIM. > > Marking content in an MUA is a WKBI*. There is no reason to believe > that users would understand content marking or would make reasonable > decisions based on it. As a general rule, anything that puts security > policy in the hands of end users doesn't work. Think of all the > browser bad SSL cert warnings you've clicked through. > Knowing what changed is actually something that could go into a spam filter decision, however. It may be more complicated than arc. And we did have an example proposal that foundered on the deletion case. https://www.ietf.org/mail-archive/web/dmarc/current/msg01444.html One could also make a spam/phishing decision and show the original, forcing the user to click to see the modified version. In most mailing list cases, the subject/footer is mostly barely useful (quick, does this mailing list have a footer?). Ie, one could spam score both the original and the modified version, and make choices based on the difference. > Also, there are more ways to change content that anyone can describe. > Some of the harder to describe are recoding between 7 and 8 bit and > base64, reducing the size and resolution of images (common on phones) > and reordering MIME parts. > There is an obvious question of "handles everything" vs "handles the 99-percentile case better". Ie, a mechanism that explicitly handled subject prefixes and footers might do a better job than ARC, it might have better adoption and fewer deployment headaches, even as it allows some set of modifications to fail. It might also be harder to Also, among what you're talking about, I think the 7/8/base64 stuff would be covered by his MIME canonicalization. Although I've seen web proxies or clients which resize photos, I don't think I've ever seen an MTA do it... which doesn't mean they couldn't, but I'm not sure it's a use case we have to try and handle. Ie, I would have been happy to have changed Google Groups to allow DKIM signed mail to pass through, but we feel that current anti-spam laws mean we have to include an unsub link. We would have routed out any of the other types of changes you're talking about because DKIM passing to get the mail through is more important. Finally, it is pretty clear from the ARC work that big mail systems > are more interested in telling recipient systems the identities of the > parties that handled a message than how it changed or whether any of > those parties thought the changes were a good idea. > Google was the one with the previous diff based proposal, I would have been happy to avoid the "who" question if we could have done something more exact. Brandon
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc