Stated another way, the problem with ARC is that it requires the evaluator
to attribute a positive reputation to the forwarder, in a context where
even identifying the forwarder can be difficult. Most email is accepted
on a much weaker criterion - the absence of negative reputation.

Mailing lists actually deserve an above-average reputation, because their
messages are pre-filtered based on identity and content before being
forwarded. But because they preserve the author address, list messages
appear to be a random mail stream containing normal threat risks.
From-rewriting of all list messages would allow the list to be evaluated
based on the list reputation, rather than the random reputations of the
list members.

The existing approach to From rewrite is a mess, but it is not the only one
possible. A DMARC-compliant list would solve a lot of problems, and is
feasible, with the right type of rewrite.

Doug

On Tue, Sep 28, 2021 at 5:14 AM Alessandro Vesely <ves...@tana.it> wrote:

> On Mon 27/Sep/2021 21:42:48 +0200 John Levine wrote:
> > It appears that Alessandro Vesely <ves...@tana.it> said:
> >> There is a case (d) final receiver enforces DMARC and ARC, but the
> >> forwarder is not among its ARC-trusted senders.
> >>
> >> The simple solution is From: rewriting.
> >
> > I think you misspelled "ugly kludge" there.
>
> https://wiki.asrg.sp.am/wiki/Mitigating_DMARC_damage_to_third_party_mail#Replace_address_with_a_generic_one
>
> >> Note that forwarders should always rewrite the bounce address, for SPF.
> >
> > Mailing lists put on their own bounce addresses so they can do bounce handling.
> > They've been doing that for about 40 years.  That's not a kludge, that's how
> > mailing lists work.
>
>
> I agree that replacing the bounce address has a VERP logic which predates
> SPF.  In addition, it doesn't interfere with MUA displaying.  So, yes, it's
> less ugly, but it's still a kind of kludge.
>
> By design, DMARC forced the semantics of From:.  It traded purism for
> efficacy.  Some ugliness has to be in the bargain too.
>
> From: rewriting is a kludge, and it's how mailing lists work.
>
>
> > The whole point of ARC is so that lists and other forwarders *don't* have to do ugly kludges
> > so I don't understand the point of this discussion.
>
>
> With ARC you have to distinguish cases (a), (b), (c), and (d).  There is
> no method (yet) to tell beforehand whether it's going to work at a given
> receiver.  Even if there was one, you should still consider the case that
> the subscribed address will be forwarded to yet another receiver.
>
>
> Best
> Ale
> --
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>