On 11/23/2020 7:38 AM, Todd Herr wrote:
On Mon, Nov 23, 2020 at 9:50 AM Joseph Brennan <bren...@columbia.edu <mailto:bren...@columbia.edu>> wrote: On Sat, Nov 21, 2020 at 7:14 PM John Levine <jo...@taugh.com <mailto:jo...@taugh.com>> wrote:

            This also means that ARC isn't useful if you don't have a
            reputation
            system to tell you where the lists and other forwarders
            that might add
            legit ARC signatures are.


    And if you know which hosts are legit mailing lists or forwarders,
    you already know what ARC would tell you.


I believe, though, that the intent of ARC is that it be scalable in ways that manual enumeration of known legit mailing lists and forwarders is not.


"if you know which hosts are legit" buries an assumption that is problematic, namely that you know who handled the message.  The fack that a message purports to be handled by a mailing list you trust does not mean it actually was.

That's the issue that ARC resolves.

ARC (and DKIM) produce noise-free uses of identifiers.  If the authentication validates, the receiver knows is really was handled by who is saying it was handled by.  Without these, you don't.

d/

--

Dave Crocker
dcroc...@gmail.com
408.329.0791

Volunteer, Silicon Valley Chapter
American Red Cross
dave.crock...@redcross.org

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

Reply via email to