Re: [dmarc-ietf] ARC questions

2020-11-25 Thread Michael Thomas
On 11/25/20 4:14 PM, Murray S. Kucherawy wrote: On Wed, Nov 25, 2020 at 11:03 AM Michael Thomas > wrote: That's been known for over 15 years. I'm still trying to understand the assertion that DKIM signatures are a "bad fit". I just looked at a random message o

Re: [dmarc-ietf] ARC questions

2020-11-25 Thread Murray S. Kucherawy
On Wed, Nov 25, 2020 at 11:03 AM Michael Thomas wrote: > On 11/24/20 8:19 PM, Murray S. Kucherawy wrote: > > On Tue, Nov 24, 2020 at 7:27 PM Douglas Foster < > dougfoster.emailstanda...@gmail.com> wrote: > >> Michael, I think the purpose is stated well enough: Mailing lists want >> to keep addi

Re: [dmarc-ietf] A policy for direct mail flows only, was ARC questions

2020-11-25 Thread John Levine
In article <695b8714-b174-e3d6-d6c0-1a1d535fb...@mtcc.com> you write: >Not everything is service provider. We were investigating this from an >enterprise standpoint. > >And if you can't trust mailing traffic from providers what is the point >of ARC? Um, please see the previous umpteen messages d

Re: [dmarc-ietf] A policy for direct mail flows only, was ARC questions

2020-11-25 Thread Michael Thomas
On 11/25/20 12:31 PM, John Levine wrote: In article , Michael Thomas wrote: When I was at Cisco, with l= and some subject line heuristics I could get probably like 90+% verification rate across the entire company, a company that uses external mailing lists a lot. Definitely not 100% though.

Re: [dmarc-ietf] A policy for direct mail flows only, was ARC questions

2020-11-25 Thread John Levine
In article , Michael Thomas wrote: >When I was at Cisco, with l= and some subject line heuristics I could >get probably like 90+% verification rate across the entire company, a >company that uses external mailing lists a lot. Definitely not 100% though. I think you will find that at very large

Re: [dmarc-ietf] A policy for direct mail flows only, was ARC questions

2020-11-25 Thread Michael Thomas
On 11/25/20 11:11 AM, Alessandro Vesely wrote: Hi, On 25/11/2020 19:24, Jesse Thompson wrote: On 11/25/20 11:30 AM, Alessandro Vesely wrote: Without resorting to ARC, it is still possible to validate author domain's signatures directly if the MLM just adds a subject tag and a footer, like, f

Re: [dmarc-ietf] A policy for direct mail flows only, was ARC questions

2020-11-25 Thread Alessandro Vesely
Hi, On 25/11/2020 19:24, Jesse Thompson wrote: On 11/25/20 11:30 AM, Alessandro Vesely wrote: Without resorting to ARC, it is still possible to validate author domain's signatures directly if the MLM just adds a subject tag and a footer, like, for example, this list does.   While ARC solves "

Re: [dmarc-ietf] ARC questions

2020-11-25 Thread Michael Thomas
On 11/24/20 7:27 PM, Douglas Foster wrote: In my opinion, ARC does leave a lot of unanswered questions about how you use the data that ARC provides.   Again, the big organizations have the brain power at their disposal to figure that out for themselves, later. They've had that data for

Re: [dmarc-ietf] ARC questions

2020-11-25 Thread Michael Thomas
On 11/24/20 8:19 PM, Murray S. Kucherawy wrote: On Tue, Nov 24, 2020 at 7:27 PM Douglas Foster > wrote: Michael, I think the purpose is stated well enough:   Mailing lists want to keep adding their content to messages, without being block

Re: [dmarc-ietf] A policy for direct mail flows only, was ARC questions

2020-11-25 Thread Jesse Thompson
On 11/25/20 11:30 AM, Alessandro Vesely wrote: > Without resorting to ARC, it is still possible to validate author domain's > signatures directly if the MLM just adds a subject tag and a footer, like, > for example, this list does.   While ARC solves "deep" forwarding problems, > which may arise

Re: [dmarc-ietf] A policy for direct mail flows only, was ARC questions

2020-11-25 Thread Alessandro Vesely
Hi, On 25/11/2020 13:57, Douglas E. Foster wrote: Indirect mail flows are difficult to detect.   SMTP address rewrite is already common practice for forwarding. Return address rewriting is a Good Thing™, unlike From: rewriting. I'd welcome forwarding my email, even if modified (I'm not a ba

Re: [dmarc-ietf] A policy for direct mail flows only, was ARC questions

2020-11-25 Thread Douglas E. Foster
Indirect mail flows are difficult to detect.   SMTP address rewrite is already common practice for forwarding.More to the point, John's interest is finding ways to increase the trust level for forwarded mail, while your idea says that direct mail is more trusted than indirect maill, which is the

[dmarc-ietf] A policy for direct mail flows only, was ARC questions

2020-11-25 Thread Alessandro Vesely
On Mon 23/Nov/2020 22:27:41 +0100 John Levine wrote: ARC deals with the problem that most list software forwards everything with a subscriber's address on the From: line and does a lousy job of spam filtering. The question is if the entity sending the message to the list was who it purported to b

Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

2020-11-25 Thread Alessandro Vesely
On Tue 24/Nov/2020 20:29:11 +0100 John R Levine wrote: "Holy Roman Empire" Organizations, typically universities, where the nominal organization tree and the actual control are different.  The PSL isn't useful because the party that controls their Org domain often doesn't control lower part