On Fri 18/Dec/2020 22:54:54 +0100 Michael Thomas wrote:
In my opinion, ARC has promise, because if a message reaches me as a receiver
or even intermediary and fails the authentication checks I perform, ARC
header sets in the message can tell me whether or not such checks passed at
previous hops *if I trust the entities that inserted those ARC header sets*.
In an earlier thread, I floated an idea about ARC sealer reputation, but it
didn't draw much response, so I'll float it here again in the hopes that it
does.
We've always been able to check the reputation of lists that resign the
message. The reputation is the previously (un)solved problem.
Yesterday 34 new domains —domains I never heard of before— sent 35 messages to
my MX. I count identifiers. Some of them are subdomains of known domains, so
they might inherit their parent's reputation. Several others, however, are new
organizational domains. I'm just looking at the first 8, and none of them
looks like a throw-away, freshly registered domain.
Now my tiny MX stores 115,225 domains total. And I have no idea how I could
add a trust-ARC-seals boolean field to each domain record.
Except for a few gigantic mailbox providers, I'd say the reputation problem is
not quite solved.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
