Mark Sapiro writes:

 > The problem is downstream has to trust me. If I'm gmail.com, I'll
 > probably be trusted. If I'm msapiro.net, probably not. Python.org, who
 > knows.

The problem is the same butt-lazy admins that caused you to implement
DKIM-stripping.[1]  Google and (AFAIK) Yahoo! and Microsoft will trust
you by default.

In fact, I snafued a couple weeks back, exposed my Mailman server to
the joe-jobbing via web subscription backscatter, and was immediately
interdicted by Microsoft.  Fixed the problem, went to Microsoft, and
immediately mail started flowing again and has ever since.

So I think ARC is in practice going to be trusted by default, at least
until the first big spammer exploit taking advantage of that trust.

Footnotes: 
[1]  In many cases, Authentication-Results should be stripped by the
domain-edge MTA, and RFC 7601 discusses when that really must be done,
and the pros and cons of doing it in general.

------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
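
An added example, not from the original message or from Mailman: the edge-MTA stripping that the footnote refers to, removing inbound Authentication-Results fields that claim the local authserv-id unless the mail arrived from a trusted MTA. The authserv-id mx.example.org, the function names and the sample message are constructed assumptions.

```python
import email
import re

# Assumption: authserv-ids stamped by this domain's own verifiers (constructed).
LOCAL_AUTHSERV_IDS = {"mx.example.org"}

def authserv_id(value):
    """Return the lowercased authserv-id of an Authentication-Results value."""
    value = re.sub(r"\r?\n[ \t]+", " ", str(value))   # unfold continuation lines
    prev = None
    while prev != value:                              # strip (nested) comments
        prev = value
        value = re.sub(r"\((?:[^()\\]|\\.)*\)", " ", value)
    tokens = value.split(";", 1)[0].split()           # id, then optional version
    return tokens[0].strip('"').lower() if tokens else ""

def strip_forged_results(raw, from_trusted_mta=False):
    """Remove A-R fields claiming a local authserv-id on mail from outside."""
    msg = email.message_from_bytes(raw)
    headers = msg.items()
    for name in {k for k, _ in headers}:
        del msg[name]                                 # clear, then re-add in order
    removed = []
    for name, value in headers:
        forged = (name.lower() == "authentication-results"
                  and not from_trusted_mta
                  and authserv_id(value) in LOCAL_AUTHSERV_IDS)
        if forged:
            removed.append(str(value))
        else:
            msg[name] = value
    return msg, removed

# Constructed sample: an outside sender pre-stamps a "pass" under our authserv-id.
SAMPLE = (
    b"Received: from mail.sender.example by mx.example.org\r\n"
    b"Authentication-Results: mx.example.org (forged) 1;\r\n"
    b" dkim=pass header.d=bank.example\r\n"
    b"Authentication-Results: lists.example.net; spf=pass\r\n"
    b"From: a@bank.example\r\nSubject: test\r\n\r\nbody\r\n"
)

if __name__ == "__main__":
    cleaned, dropped = strip_forged_results(SAMPLE)
    print("removed:", dropped)
    print(cleaned.as_string())
```

Results stamped by other domains (lists.example.net in the sample) are left in place; only fields that impersonate the local verifier are removed.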