On 11/23/20 3:00 PM, Dave Crocker wrote:
> On 11/23/2020 2:58 PM, John R Levine wrote:
>>> And, again, when ARC work was pursued, I don't recall anyone
>>> claiming that mailing lists were (significant) sources of misbehavior.
>>
>> Well, OK. Please feel free to provide footnoted documentation of
>> what the actual motivation for ARC was if you believe it was
>> something else.
>
> Typically, the burden of substantiating a claim falls on the person
> making the affirmative claim.

What I'm struggling to understand is what having authenticated auth-res
from a previous hop helps. This is what I found:

"With this information, Internet Mail Handlers MAY inform local policy
decisions regarding disposition of messages that experience
authentication failure due to intermediate processing."

That and:

"When an Authenticated Received Chain is used to determine message
disposition, the DMARC processor can communicate this local policy
decision to Domain Owners as described in Section 7.2.2."

seems to be the only motivation I can find. Without ARC, a receiver
could always check the new DKIM signature from, say, the mailing list
and look up its reputation to decide whether to pass it along or not,
overriding the originating domain's policy. My recollection was that
this was the "you break it, you own it" policy which I recall being the
consensus. And indeed, there is nothing to stop a filter from looking at the
mailing list's auth-res and taking it into account even if it's not part
of the headers in the signature. Maybe there is some attack there I'm
not seeing off the top of my head, but it seems like this really hinges
on reputation as was pointed out to me earlier.

It would be kind of nice to understand what gap ARC actually plugs and
why it's important if you ask me. Also: there seem to be a lot of ways
to achieve this, but this one is probably the most complicated one that
I can envision.

Mike
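
The first alternative described in the message above (the receiver checks the intermediary's own DKIM signature and that signer's reputation before applying the author domain's DMARC policy), written out as an added example that is not part of the original thread. The host names, the reputation table and the `disposition` function are constructed for illustration, and only the receiver's own Authentication-Results header is consulted.

```python
import re

OUR_AUTHSERV_ID = "mx.receiver.example"           # hypothetical receiving host
LIST_REPUTATION = {"lists.example.org": "good",   # constructed reputation data
                   "bulk.example.net": "bad"}

def parse_auth_results(value):
    """Parse an Authentication-Results value into (authserv_id, results)."""
    value = re.sub(r"\([^)]*\)", "", value)        # drop (comments)
    parts = [p.strip() for p in value.split(";")]
    authserv_id = parts[0].split()[0]
    results = []
    for part in parts[1:]:
        tokens = part.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results.append((method.lower(), result.lower(), props))
    return authserv_id, results

def disposition(ar_value, published_policy):
    """Local policy: a reputable intermediary's passing DKIM signature
    overrides the author domain's DMARC policy; otherwise the policy applies."""
    authserv_id, results = parse_auth_results(ar_value)
    if authserv_id != OUR_AUTHSERV_ID:
        # Results recorded by another host are not evaluated in this sketch.
        raise ValueError("not our own Authentication-Results header")
    dmarc = next((r for r in results if r[0] == "dmarc"), None)
    if dmarc is None or dmarc[1] == "pass":
        return "accept"                            # nothing to override
    author = dmarc[2].get("header.from", "").lower()
    for method, result, props in results:
        signer = props.get("header.d", "").lower()
        if (method == "dkim" and result == "pass" and signer != author
                and LIST_REPUTATION.get(signer) == "good"):
            return "override-accept"               # the signer owns the breakage
    return {"reject": "reject",
            "quarantine": "quarantine"}.get(published_policy, "accept")

# Constructed sample: author signature broken by the list, list re-signed.
SAMPLE = ("mx.receiver.example; dkim=fail header.d=author.example; "
          "dkim=pass header.d=lists.example.org; "
          "dmarc=fail (p=reject) header.from=author.example")

if __name__ == "__main__":
    print(disposition(SAMPLE, "reject"))
```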