On 11/25/20 11:11 AM, Alessandro Vesely wrote:
Hi,
On 25/11/2020 19:24, Jesse Thompson wrote:
On 11/25/20 11:30 AM, Alessandro Vesely wrote:
Without resorting to ARC, it is still possible to validate author
domain's signatures directly if the MLM just adds a subject tag and
a footer, like, for example, this list does. While ARC solves
"deep" forwarding problems, which may arise in the context of email
address portability, MLM transformation reversion solves the simpler
mailing list problem, including reverting munged From:'s.
I agree that ARC isn't really needed to do this (trust the last hop
from the MLM and determine the original authenticity from the MLM's
perspective)
I didn't mean to trust the MLM. I meant remove the subject tag and
the footer, then the original DKIM signature verifies. See:
https://datatracker.ietf.org/doc/draft-vesely-dmarc-mlm-transform/
When I was at Cisco, with l= and some subject line heuristics I could
get probably like 90+% verification rate across the entire company, a
company that uses external mailing lists a lot. Definitely not 100% though.
Mike
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
