On 24/06/2022 17:54, Alessandro Vesely via mailop wrote:
On Wed 22/Jun/2022 13:31:49 +0200 Slavko via mailop wrote:
Neither I use it. I didn't know rspamd implements ARC. Most of that
module's documentation seems to be about signing, which is not
difficult. But there is a whitelisted_signers_map variable, for
verifying. Did you set it?
In order to have ARC working for mailing lists, you need to add the
relevant domain to that map, for every list you subscribe to. At that
point, mailing lists that send personalized messages to each subscriber
can ARC-seal the messages destined to you instead of rewriting From:, if
they know that you did set whitelisted_signers_map appropriately. Hm...
I really, really miss one simple feature in ARC signatures. Whilst it is
+/- trivial to have a list of trusted signers on a receiver side, it
would be super helpful to allow **a sender** to specify it's next
trusted hop.
For example, if I send a message from `example.com` to some mailing list
`ml.com` why cannot I add a special ARC signature element like
`nh=ml.com` which would specify that the next trusted signature must be
done by `ml.com`. In this way, an ARC sender can tell that a receiver
can trust `ml.com` to restore the DMARC result for `example.com` when it
observes forwarding.
This might introduce a lot of additional value to ARC, as with this
approach not only receivers decide whom to trust but also senders can
influence on that as senders are mostly aware about who are theirs
trusted forwarders.
I was also thinking about a separate DNS record that would specify a
list of the trusted senders, but it seems that including a next trusted
forwarder info into AMS and sealing it into AS seems to be even a better
approach.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
