> On May 22, 2017, at 10:01 PM, Hal Murray <hmur...@megapathdsl.net> wrote: > >> ARC is the very-near-future solution to much of this. Get your vendors on it. >> http://arc-spec.org > > I'm missing something. What keeps a bad guy from setting up shop and > claiming to be forwarding mail and claiming that SPF was valid on the crap he > is sending? > > It seems to me that a critical step for doing things right is that the user > has to get involved and agree to receive forwarded mail, including all the > spam that gets past the spam filters at the forwarder. I think that would > work for geeks but it's probably too complicated for the typical user. Do > you have to be geeky enough to set up forwarding? > > The same holds for mailing lists but you don't have to be a geek to get added > to one. I think it would be great if the mail environment asked me if I > wanted to get added to a list before it started accepting mail for that list. > I wonder if a typical user could handle that. > > I don't know what happens to transactional mail. > > Is this only going to work for big players who generate or receive enough > traffic so the receiver can develop a useful reputation?
Go read https://tools.ietf.org/html/draft-ietf-dmarc-arc-usage-01 for an initial discussion of most of the important pieces of that. Cheers, Steve _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop