On Wed 07/Dec/2022 16:49:55 +0100 Grant Taylor wrote:
> On 12/7/22 2:59 AM, Alessandro Vesely wrote:
>> ARC is a good forwarding tool.
>
> I question the veracity of that. Mostly around -- what I consider to be --
> the priming problem of getting a receiving system to trust an upstream
> system's ARC signature.

Some statements can be trusted. For example, assume you apply DMARC and
receive a message with no DKIM signatures and just an ARC set reporting
that SPF failed for a p=reject domain. The ARC sealer obviously didn't
apply DMARC. You can believe in its result and reject the message.

The opposite statement, that the message was valid when the forwarder got
it, requires you to override DMARC. As I said, I'd require the recipient's
permission to do so.

>> Its semantics differ from DKIM as it implies no claim of responsibility.
>> So it allows an MTA to forward a message as is, according to user's
>> wishes, without bothering about receiver's policy.
>
> I disagree. The forwarding MTA has, can, and will continue to forward
> messages with or without ARC. What ARC does do is add some information
> that the downstream receiving MTA /may/ use to make decisions. The
> presence of ARC itself has no impact on the capability for an MTA to
> forward messages.

Agreed. The point is that some decision can be harder without ARC.

>> That is, for example, if you don't enforce DMARC the receiver is still
>> able to apply DMARC policies using trusted SPF results. In order to
>> override DMARC policies, IMHO, the forwarder should be whitelisted by the
>> recipient: an activity that could be automated, since forwarding to a
>> different recipient requires prior agreement.
>
> Forwarding to a different recipient does NOT require prior agreement. Full
> stop.

How do you pick up the target address?

> Any MTA operator can configure their MTA to forward messages to whomever
> they want completely independently of the downstream receiving MTA's
> involvement, much less agreement.

Those who do so are neatly classified as spammers.

My Gmail account forwards to me because I asked it to do so. My MTA
forwards messages only to recipients who asked me to do that setting. (And
I put the bounce address to me, so I can text them when forwarding fails.)
This list forwarded your message to me because I subscribed.

In addition, note that forwarded messages usually have a single recipient.
This makes it reasonable to set up per-recipient whitelists.
Best
Ale
--
_______________________________________________
Ietf-dkim mailing list
https://www.ietf.org/mailman/listinfo/ietf-dkim
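
The asymmetry described in the message above (an ARC-reported failure can be believed as is, while an ARC-reported pass overrides DMARC only for a forwarder the recipient has allowed) can be written as a receiver-side decision function. This is an added example, not part of the original message or of any ARC implementation; the class names, `decide`, the `ALLOWED` table and all domains are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class ArcClaim:
    sealer: str        # d= of the newest ARC-Seal, i.e. the forwarder
    chain_valid: bool  # we verified the seals ourselves and cv=pass
    dmarc_pass: bool   # result the sealer recorded when it received the message

@dataclass
class Message:
    rcpt: str               # forwarded mail usually has a single recipient
    policy: str             # p= published by the From: domain
    local_dmarc_pass: bool  # our own SPF/DKIM/DMARC evaluation
    arc: Optional[ArcClaim] = None

# Constructed sample: forwarders each recipient asked us to trust.
ALLOWED = {"ale@rcpt.example": {"fwd.example"}}

def decide(msg, allowed=ALLOWED):
    """Return (action, reason) for one single-recipient delivery."""
    if msg.local_dmarc_pass:
        return ("accept", "dmarc pass")
    enforce = msg.policy if msg.policy in ("reject", "quarantine") else "accept"
    arc = msg.arc
    if arc is None:
        return (enforce, "dmarc fail, no arc")
    if not arc.dmarc_pass:
        # Negative claim: it agrees with our own failure, so acting on it
        # needs no trust in the sealer (assumption of this sketch).
        return (enforce, "dmarc fail, confirmed by arc")
    # Positive claim: overriding DMARC needs a valid chain AND a sealer
    # that this particular recipient has allowed.
    if arc.chain_valid and arc.sealer in allowed.get(msg.rcpt, set()):
        return ("accept", "dmarc override for " + arc.sealer)
    return (enforce, "dmarc fail, sealer not allowed by recipient")
```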