Hi all, long time.
I finally read through the ARC spec after accidentally seeing it in mail
headers and wondering what it was, especially since it was so DKIM-like. My
barely informed take is that it allows intermediaries to say "this is
what it looked like to me at this point [and before I messed it]". So
far, so good. It seems that a receiver can then verify the ARC
signature, especially if the "original" DKIM signature is broken. So far,
so good again.
If I'm a receiver who is going to be making some filtering decisions
based on ARC, I see that it passed by some authenticator along the way
which is fine, but my question is why I should trust that intermediary
in general? I mean, this is easy if it's Gmail since I know Google has
an interest in good email practices out of band, but what if the ARC
signer is actually an attacker that I have no idea who they are?
Which is to say, how do I go about trusting the ARC signer to not be
doing something bad? I don't have a specific attack in mind (still too
new to this), but say if spam.com ARC signs a message it adulterates to its
advantage how do I know that I should disregard its ARC results? Or
maybe not so much disregard results per se, but not want to "accept" the
changes to the original message?
Ok, maybe here is an attack. Suppose this message is scraped by a
spammer since this is a public email list. It has a broken original DKIM
signature but a valid ARC signature from ietf.org. The attacker takes
the message, adds the Viagra scams in the body to the ARC signed message
and reinjects the new message toward the targets of their choice (?
mailing list members only? not sure).
Or did I miss where ARC resigns the body? Or is there a tie-in for ARC
with the mailing list's resigned DKIM signature for the new message?
Sorry for so many questions; I'm probably misunderstanding what's going on.
Mike
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
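The post asks what an ARC signer actually covers and whether a later body change would go unnoticed. The following is an added example, not part of the post or of any IETF code, showing the check a receiver can run without any DNS lookups: RFC 8617 gives ARC-Message-Signature (AMS) the same bh= body-hash tag as DKIM-Signature, so the body as seen by the ARC signer can be re-hashed and compared. The sample message, the d=list.example signer and the b= placeholder values are constructed; the "simple" body canonicalization follows RFC 6376. The b= signature check itself, which needs the signer's public key from DNS, is left out.

```python
"""Added example (not from the mailing-list post): re-hash a message body and
compare it with the bh= tag of each ARC-Message-Signature, then sanity-check
the ARC-Seal chain (i= numbering and cv= values) as RFC 8617 describes.

Assumptions: RFC 8617 tag names, RFC 6376 "simple" body canonicalization, a
constructed sample message with a constructed d=list.example signer, and
placeholder b= values (the key-based b= verification is intentionally omitted).
"""

import base64
import hashlib
import re
from email import message_from_string


def simple_body_canon(body: str) -> bytes:
    # RFC 6376 "simple" body canonicalization: CRLF line endings, and any run of
    # trailing empty lines reduced to a single CRLF (an empty body becomes CRLF).
    text = body.replace("\r\n", "\n").replace("\n", "\r\n")
    text = re.sub(r"(\r\n)+\Z", "", text) + "\r\n"
    return text.encode("utf-8")


def body_hash(body: str, algo: str = "rsa-sha256") -> str:
    # The bh= tag is base64 of the hash named by a= (sha256 or sha1).
    hasher = hashlib.sha256 if algo.endswith("sha256") else hashlib.sha1
    return base64.b64encode(hasher(simple_body_canon(body)).digest()).decode()


def parse_tags(header_value: str) -> dict:
    # tag=value lists separated by ';' (whitespace inside values is folding noise).
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags


def check_ams_body(raw_message: str) -> list:
    # One result per ARC set: does the body still match that set's bh= tag?
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    results = []
    for header in msg.get_all("ARC-Message-Signature") or []:
        tags = parse_tags(header)
        actual = body_hash(body, tags.get("a", "rsa-sha256"))
        results.append({"i": int(tags.get("i", "0")), "d": tags.get("d"),
                        "bh_ok": tags.get("bh") == actual})
    return results


def check_arc_chain(raw_message: str) -> dict:
    # RFC 8617: instances must run 1..n, the first seal carries cv=none and every
    # later seal cv=pass; anything else means the chain is not intact.
    msg = message_from_string(raw_message)
    seals = [parse_tags(h) for h in (msg.get_all("ARC-Seal") or [])]
    seals.sort(key=lambda t: int(t.get("i", "0")))
    ok = [int(t.get("i", "0")) for t in seals] == list(range(1, len(seals) + 1))
    for n, tags in enumerate(seals, start=1):
        if tags.get("cv") != ("none" if n == 1 else "pass"):
            ok = False
    return {"sets": len(seals), "chain_ok": ok}


def build_sample(body: str, bh: str) -> str:
    # Constructed sample: one ARC set (i=1) added by a hypothetical list host
    # list.example; b= values are placeholders, not real signatures.
    return (
        "ARC-Seal: i=1; a=rsa-sha256; cv=none; d=list.example; s=arc; t=1; "
        "b=PLACEHOLDER\n"
        "ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/simple; "
        f"d=list.example; s=arc; h=from:to:subject; bh={bh}; b=PLACEHOLDER\n"
        "ARC-Authentication-Results: i=1; list.example; dkim=fail\n"
        "From: mike@example.org\nTo: list@example.net\nSubject: ARC question\n"
        "\n" + body
    )


ORIGINAL_BODY = "Hi all, long time.\nWhat does an ARC signer actually cover?\n"
SAMPLE = build_sample(ORIGINAL_BODY, body_hash(ORIGINAL_BODY))


def tampered_sample() -> str:
    # Constructed: identical headers (so bh= is unchanged) but text appended to
    # the body after the intermediary signed it.
    return SAMPLE + "APPENDED TEXT (constructed tampering)\n"


def demo() -> dict:
    return {
        "intact_bh_ok": check_ams_body(SAMPLE)[0]["bh_ok"],
        "tampered_bh_ok": check_ams_body(tampered_sample())[0]["bh_ok"],
        "chain_ok": check_arc_chain(SAMPLE)["chain_ok"],
    }


if __name__ == "__main__":
    print(demo())
```

A bh= match only says the body is the one the ARC signer hashed; whether that signer is trustworthy is a separate policy decision, and a receiver still has to verify b= against the signer's DNS key before relying on either the AMS or the ARC-Authentication-Results it vouches for.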