On 11/23/2020 7:38 AM, Todd Herr wrote:
On Mon, Nov 23, 2020 at 9:50 AM Joseph Brennan <bren...@columbia.edu
<mailto:bren...@columbia.edu>> wrote:
On Sat, Nov 21, 2020 at 7:14 PM John Levine <jo...@taugh.com
<mailto:jo...@taugh.com>> wrote:
This also means that ARC isn't useful if you don't have a
reputation
system to tell you where the lists and other forwarders
that might add
legit ARC signatures are.
And if you know which hosts are legit mailing lists or forwarders,
you already know what ARC would tell you.
I believe, though, that the intent of ARC is that it be scalable in
ways that manual enumeration of known legit mailing lists and
forwarders is not.
"if you know which hosts are legit" buries an assumption that is
problematic, namely that you know who handled the message. The fack
that a message purports to be handled by a mailing list you trust does
not mean it actually was.
That's the issue that ARC resolves.
ARC (and DKIM) produce noise-free uses of identifiers. If the
authentication validates, the receiver knows is really was handled by
who is saying it was handled by. Without these, you don't.
d/
--
Dave Crocker
dcroc...@gmail.com
408.329.0791
Volunteer, Silicon Valley Chapter
American Red Cross
dave.crock...@redcross.org
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc