Hi all, I'm sorry I didn't queue to talk yesterday. After so many months without speaking one word of English, I really didn't feel like...
*Why ARC cannot solve the mailing list problem* =============================================== Assume all mailing lists in the world duly did ARC. Somewhat science-fictitious, given that some of them are not even able to add valid DKIM signatures. Let's hypothesize they all did ARC, anyway. Would the mailing list problem be solved? No, because recipients cannot blindly accept DMARC failures just because there is an ARC-chain claiming authenticity. Doing so would completely defeat DMARC, because ARC chains can be forged. In order to safely override a reject or quarantine policy based on ARC, a receiver needs a complete list of legitimate mailing lists. Conversely, having such a list, a receiver can override DMARC failures also based on DKIM or SPF authentication. ARC adds nothing to the mailing list problem. (However, huge mailbox providers do have a complete list of legitimate MTAs. That's where ARC is useful, AIUI.) *From rewriting is the real thing* ================================== Rewriting From: is the de-facto standard. In a (science-fictitious) scenario where all mailing lists rewrite the From: header field, DMARC would just work smoothly. Hence, we have to specify an acceptable way to rewrite From:. I'd have said so. Best Ale -- _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
