On Mon, Nov 23, 2020 at 9:50 AM Joseph Brennan <bren...@columbia.edu> wrote:
> >> On Sat, Nov 21, 2020 at 7:14 PM John Levine <jo...@taugh.com> wrote: >> >>> >>> > >> This also means that ARC isn't useful if you don't have a reputation >>> system to tell you where the lists and other forwarders that might add >>> legit ARC signatures are. >>> >> >> > And if you know which hosts are legit mailing lists or forwarders, you > already know what ARC would tell you. > > I believe, though, that the intent of ARC is that it be scalable in ways that manual enumeration of known legit mailing lists and forwarders is not. Standard authentication protocols (SPF, DKIM, DMARC) are fine for direct mail flow. When the message arrives at its destination, the receiver can check authentication protocols and apply handling rules for a message based on its past history with the authenticated identities associated with that message. For indirect mail flows, messages might not pass such checks at their final destination, but it's possible that they did pass those checks on an intermediate hop. As Michael said in his original post, ARC 'allows intermediaries to say "this is what it looked like to me at this point [and before i messed it]".' The question with ARC then becomes, does the final destination trust the results reported in the ARC header set(s), and it's kind of a complicated question. If I as the final destination trust the ARC header set(s), I'm saying that I believe the reported results with no real way to independently verify the results, meaning that I can't do direct DKIM validation or SPF checking using standard tools; if I could, there'd be no need for ARC. I suppose that an approach to building up an ARC reputation might be one where over time a receiving site can compare indirect mail flow that is purported to have X as an authenticated identifier with mail that comes direct to the receiving site with X as an authenticated identifier. That is, if direct mail with X as an authenticated identifier generally hits Y on my internal reputation scale, does indirect mail that is ARC-signed by Z to have X as an authenticated identifier also generally hit Y on my internal reputation scale? If so, great; I can trust Z as an ARC signer. The devil is in the details, though. If mail through Z doesn't generally hit Y, then what explains the variance? If it's for most or all values of X, then it's probably because Z is a bad actor. If it's hitting Y for most values of X but not for all, is it because those particular mail streams are ones that are still legitimate from an authentication perspective, but aren't of the same quality due to reasons, or is Z engaging in some elaborate scheme using valid mail as legit shields to get its nasty payload through in the noise? If variances can be dealt with in a way that doesn't require too much manual intervention, then perhaps there's hope here. Even at that, such a system would need to be bootstrapped with some list of manually enumerated known good intermediaries, but over time it could theoretically grow organically based on data collected. I don't believe the above challenges are insurmountable (says the guy who hasn't had operational responsibility for a mail system in over a decade) but I'm not in a position to assign the necessary resources to solve this problem at each site that has an interest in doing so. -- *Todd Herr* | Sr. Technical Program Manager *e:* todd.h...@valimail.com *p:* 703.220.4153 This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
