My wishlist for ARC:
ARC tells me that somebody changed some data, but it does not tell me which MTA performed the forwarding operation, added content, or performed address rewriting. If we could get HELO names into the ARC data, then those names could be correlated with the Received header chain to make better filtering decisions. DF From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of Dave Crocker Sent: Monday, November 23, 2020 12:02 PM To: Todd Herr; Joseph Brennan Cc: dmarc@ietf.org Subject: Re: [dmarc-ietf] ARC questions On 11/23/2020 7:38 AM, Todd Herr wrote: On Mon, Nov 23, 2020 at 9:50 AM Joseph Brennan <bren...@columbia.edu> wrote: On Sat, Nov 21, 2020 at 7:14 PM John Levine <jo...@taugh.com> wrote: This also means that ARC isn't useful if you don't have a reputation system to tell you where the lists and other forwarders that might add legit ARC signatures are. And if you know which hosts are legit mailing lists or forwarders, you already know what ARC would tell you. I believe, though, that the intent of ARC is that it be scalable in ways that manual enumeration of known legit mailing lists and forwarders is not. "if you know which hosts are legit" buries an assumption that is problematic, namely that you know who handled the message. The fack that a message purports to be handled by a mailing list you trust does not mean it actually was. That's the issue that ARC resolves. ARC (and DKIM) produce noise-free uses of identifiers. If the authentication validates, the receiver knows is really was handled by who is saying it was handled by. Without these, you don't. d/ -- Dave Crocker dcroc...@gmail.com 408.329.0791 Volunteer, Silicon Valley Chapter American Red Cross dave.crock...@redcross.org
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
