In article <fe197dd0-271e-b9a5-fb3d-ac9f51c00...@wisc.edu> you write:
>> The bar for ARC to be usable is pretty low. It's not "doesn't send
>> spam" or even "knows who its users are." It's only "doesn't lie about
>> where mail came from." I expect that in practice the usual DNSBLs
>> will be good enough.
>
>Is the assumption with ARC, when it reaches some point of "production" status,
>that intermediaries will be able to look themselves
>up in the usual DNSBLs to see if they are trusted so they know that they don't
>need to rewrite the From?

No, not at all. ARC puts a chain of signatures on a message, but the final recipient can only verify the most recent one and has to trust the previous ones for ARC to be useful. So is the chain real, or just a bunch of garbage invented by spamware, like the long chains of Received headers they used to add?

You only have to trust the most recent signer, since each link in the chain says whether the prior links were valid and a legit signer will note that the previous seal didn't verify if that's the case.

R's,
John

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
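
The trust decision described in the reply above, as an added example that is not part of the original message: a structural check of the ARC-Seal `cv=` chain (rules from RFC 8617), followed by a reputation lookup on the newest sealer only. The header values, domains and the `TRUSTED_SEALERS` set are constructed, and cryptographic verification of the seals is assumed to happen separately.

```python
import re

# Constructed sample: ARC-Seal header values (b= shortened), newest first.
SAMPLE_SEALS = [
    "i=2; a=rsa-sha256; t=1700000100; cv=pass; d=lists.example.org; s=arc1; b=AAAA",
    "i=1; a=rsa-sha256; t=1700000000; cv=none; d=forwarder.example.net; s=s1; b=BBBB",
]
TRUSTED_SEALERS = {"lists.example.org"}  # assumption: local reputation data

def parse_tags(value):
    """Parse a 'tag=value; tag=value' header body into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def evaluate_chain(seal_values, trusted):
    """Return (verdict, newest_sealer_domain, reason) for a list of ARC-Seal values."""
    seals = {}
    for raw in seal_values:
        tags = parse_tags(raw)
        if not tags.get("i", "").isdecimal() or int(tags["i"]) in seals:
            return ("fail", None, "missing, malformed or duplicate i=")
        seals[int(tags["i"])] = tags
    if not seals:
        return ("none", None, "no ARC sets present")
    n = max(seals)
    if sorted(seals) != list(range(1, n + 1)):
        return ("fail", None, "instance numbers are not 1..N")
    newest = seals[n].get("d", "").lower()
    # Each sealer records its view of the chain it received: none at i=1, pass after.
    for i in range(1, n + 1):
        expected = "none" if i == 1 else "pass"
        if seals[i].get("cv") != expected:
            return ("fail", newest, f"i={i} has cv={seals[i].get('cv')}")
    # Earlier links are only as believable as the sealer that vouched for them.
    if newest not in trusted:
        return ("untrusted", newest, "newest sealer has no local reputation")
    return ("usable", newest, "chain intact and newest sealer trusted")

if __name__ == "__main__":
    print(evaluate_chain(SAMPLE_SEALS, TRUSTED_SEALERS))
```

A chain that is structurally perfect but sealed last by an unknown domain comes back as `untrusted`, which is the case of invented chains raised in the reply.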