On 15/11/22 23:10, Alessandro Vesely wrote:
On Mon 14/Nov/2022 18:54:33 +0100 Wei Chuang wrote:
> On Mon, Nov 14, 2022 at 8:03 AM Alessandro Vesely <ves...@tana.it> wrote:
>
>> BTW, we all know that mailing lists send one message at a time, doing
>> VERP for each subscriber. They can more easily include the recipient in
>> the ARC signature. However, any spammer can do the same. >
> WRT to the ARC like proposed approaches, agreed that the spammer can sign
> for each recipient as well. However then the spammer has identified
> themselves in the path, and some future path aware reputation systems will
> be able to distinguish the spammer from benign forwarding flows.
If you can filter basing on a reliable reputation system, current ARC seals are
enough already, aren't they?
Not quite, because they're not usually applied when a message is
forwarded intact. One outcome of the proposed WG might be to
specifically encourage all MLMs to ARC-sign, even if they don't break
the author's DKIM signature, in this case to facilitate path reasoning
in addition to coping with DKIM-breakage.
(I forget the IETF language for this, but there's a distinction between
documents which specify protocols and documents which provide guidance
on their use.)
- Roland
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
