I was convicted that I was working from a reading of the abstract, and not the whole document. So I read the whole document last night, but it did not change my understanding.
Given a first occurrence of a message which purports to be from a legitimate message-altering MLM, how does the email gateway make a disposition decision? ARC does not solve the problem, because the ARC chain does not provide enough information to do so. ARC assumes that initial trust is obtained by another method. Reversible tagging mostly solves the problem if the content is fully reversible. The email gateway can assess both new and old content for risk, can assess both before and after signatures for identity verification, and can choose which version of content to deliver to the user. But there are questions about whether this solution covers enough of the problem to make it the only solution. We also have the question of whether the tagging would be too complex to do correctly. For a complete solution, the mailing list needs to be able to distinguish between these possibilities: Fiction - the mailing list does not exist, but a spammer wants to look like one to evade DMARC filteringUnsafe - the mailing list is poorly managed, so that it is little more than an open relay, or the content filtering is inadequate, so that it is a likely source of malicious content.Unwelcome - the subscriber address is a work account, and the list purpose is not work related.Spoofed list - a spammer tries to imitate a trusted list.Legitimate - a trusted and wanted list that both subscriber and email administrator want to receive. I don't see that we have adequately addressed all of these scenarios, but again it seems that most of the issue hangs on the trust question. List spoofing is an issue because we do not yet have a standard for how a list ID is associated with an authorized source. Presumably, we should perform an SPF check on the list ID, or find a verified DKIM signature that is domain aligned with the list ID. But there are no requirements on the format of a list ID, so we need to start by defining how the list domain is obtained from the list ID. What is the process for obtaining trust (and a supporting exception in the email gateway)? What is the process for notifying the MLM that the exception has been implemented? DF ---------------------------------------- From: "John Levine" <jo...@taugh.com> Sent: 7/6/20 9:30 PM To: dmarc@ietf.org Cc: fost...@bayviewphysicians.com Subject: Re: [dmarc-ietf] Fwd: New Version Notification for draft-kucherawy-dkim-transform-01.txt In article <3129f12e02434273915ed6f91a998...@bayviewphysicians.com> you write: >About credible mediators: >You are right that if an inbound email gateway believes a Mediator is >credible, then all that is necessary is for >the Mediator to prove his own identity. But what is the mechanism by which a >Mediator obtains the trust of the >email gateway? And by what mechanism does the Mediator know that the email >gateway has determined it to be >credible? Please see previous discussions about the design of ARC. There's reasons it's not just a whitelist of mailing lists. -- Regards, John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc