On 11/25/20 11:30 AM, Alessandro Vesely wrote:
> Without resorting to ARC, it is still possible to validate author domain's
> signatures directly if the MLM just adds a subject tag and a footer, like,
> for example, this list does. While ARC solves "deep" forwarding problems,
> which may arise in the context of email address portability, MLM
> transformation reversion solves the simpler mailing list problem, including
> reverting munged From:'s.

I agree that ARC isn't really needed to do this (trust the last hop from the MLM and determine the original authenticity from the MLM's perspective), although I think that ARC somewhat standardizes what headers/value to look for (I may be wrong). Plus, if it eventually solves the "deep" forwarding issue, then ARC is certainly better than trying to follow received header chains, etc.

Anecdotally, after much debate, our team is leaning more towards *not* reverting munged From:'s from our own MLM:

1. Until ARC has a reputation model that is commonly adopted, header munging isn't going to subside. I still find MLM operators who are just now realizing that they have to munge messages. We need to tell users that this is the new, growing, reality.

2. If we only unmunge for our own domains' users' authoring messages to our own MLM, it has limited overall effect, and it distorts the user-reality story from point #1. We would have to unmunge for all domains' authors sending to all "trusted" MLMs in order to give the users what they expect from their prior reality.

3. Since we can only unmunge for our own recipients, it just creates an inconsistent experience on top of the already inconsistent experience of the conditional munging most MLMs do based on the authors' DMARC policies. We would rather see:

   3a) MLMs that munge for all messages regardless of the author's domain's DMARC policy

   3b) MLMs that allow operators to configure recipient destinations that they know are going to trust non-munged messages (via ARC or whatever)

Jesse

P.S. If anyone knows how to trick Google Groups into doing 3a and/or 3b, please ping me (off list is OK)

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc