On Mon 23/Nov/2020 22:27:41 +0100 John Levine wrote:
ARC deals with the problem that most list software forwards everything
with a subscriber's address on the From: line and does a lousy job of
spam filtering. The question is if the entity sending the message to
the list was who it purported to be.
For example, if a message from a list fails DMARC alignment, but ARC
says it was aligned on the way in, it's likely a real message from a
subscriber. If it was unaligned on the way in, it's likely spam.
I publish p=none in order to avoid spurious rejections due to casual message
modifications that happen in transit. However, I'm quite confident that SPF or
DKIM verify, since users submit messages through the right mail server.
Couldn't I address direct flows only? Doing so would prevent a casual spammer
from abusing mailing lists I'm subscribed to by simply faking From:.
A direct flow is one were SPF credentials (helo name or return address) are
aligned with From:. That includes some simple forwarding, but not mailing list
traffic. Direct policy could be expressed as dp=. Authenticate as usual,
either SPF or DKIM. On failure, discard only if direct flow. For example:
v=DMARC1; p=none; dp=reject;
Makes sense?
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
