On 2020-06-20 5:48 p.m., John Levine wrote:
> In article <d10318dc-b6ff-f487-7099-065796c11...@tana.it> you write:
>> For example, a water tight opt-in protocol ...
>
> There's no such thing, unless you can somehow ensure that the list never
> sends anything that any of the subscribers don't expect.

Small MTAs can trust their (not anonymously registered) users, so they could blindly accept to weakly sign messages destined to a MLM that a user of theirs has implicitly recommended by starting such a (yet unspecified[*]) water tight opt-in.

>> Without that, we're back to depending on reputation, for which simple
>> whitelisting suffices.
>
> No, please see my message a few days ago about why ARC works the way it does.

Do you mean https://mailarchive.ietf.org/arch/msg/dmarc/gll_AD80SzysVJi9GDeKM12OslA ?

That message proves that ARC depends on reputation too. I mentioned whitelisting because it's simpler than ARC.

My point is that, if an MTA is not Google, Yahoo, or some such, that is if it doesn't have the list of all MTAs worldwide, then the mailing list problem precludes reliable DMARC inbound filtering.

I don't think, as Douglas suggests, that the MLM problem stems from not wanting to seek domain owner involvement. IMHO, it stems from domain owners not being able to maintain a global reputation list. The MTAs who can do that can do ARC, can whitelist, can do DMARC filtering; they don't have a "mailing list problem".

Best
Ale
--
[*] See rough ideas at http://fixforwarding.org/wiki/Water_tight_opt-in

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc