[Mailman-Developers] ARC user options

2022-09-04 Thread Stephen J. Turnbull
Alessandro Vesely writes:

 > There is a thread about ARC sealing in bind-users[*].

Not sure what you mean by "sealing".  Do you mean they're not
implementing the rest of the protocol?

 > They're applying ARC signatures, although they run Mailman 2.
 > It doesn't seem difficult to implement.

It's not.  But

1.  It's a bad idea to do it in Mailman.
2.  It was implemented in Mailman 3 three or four years ago as a proof
of concept during the development of ARC.
3.  There is a milter available for Postfix and Sendmail from the
Trusted Domain Project https://github.com/trusteddomainproject/OpenARC
as is the basic implementation which I presume is adaptable to
Exim, qmail, and other MTAs.

This is the preferred approach, as a matter of conformance because
it should be implemented by the edge MTA(s), and as a practical
matter because Mailman *can't* do SPF since it is never an edge
MTA.  There is also a pure Python implementation on PyPI, I
believe (this is the basis for the Mailman 3 plugin, or maybe it
was dkimpy).

 > It requires trusting the users, though.

I don't think so, not any more than any other sign-and-send protocol.
What it requires is implementation by recipient domains who trust your
host, because if they don't it's 2014 all over again for your
subscribers if you have any DMARC p=reject posters.

 > Would Mailman implement something like it?

Yes for Mailman 3, it's already done (but you are recommended to
configure it in the MTA).  No for Mailman 2, it's EOL.

Steve

___
Mailman-Developers mailing list -- mailman-developers@python.org
To unsubscribe send an email to mailman-developers-le...@python.org
https://mail.python.org/mailman3/lists/mailman-developers.python.org/
Mailman FAQ: https://wiki.list.org/x/AgA3

Security Policy: https://wiki.list.org/x/QIA9


[Mailman-Developers] ARC user options

2022-09-04 Thread Alessandro Vesely

Hi,

There is a thread about ARC sealing in bind-users[*].  They're applying ARC 
signatures, although they run Mailman 2.  The last message hypothesizes a user 
option like so:


   *From munging*:

   Set this option to /Disabled/ to receive messages with the original From:
   line intact.  Keep in mind that disabling this option will fail DMARC, so
   keep it enabled unless your MTA either doesn't check DMARC or accepts ARC
   overrides.

It doesn't seem difficult to implement.  It requires trusting the users, 
though.  Would Mailman implement something like it?  Why?  Why not?



Best
Ale
--

[*] https://lists.isc.org/pipermail/bind-users/2022-September/106612.html
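
The per-subscriber option quoted above can be sketched as follows. This is an added example, not part of the original thread and not Mailman's code. The list name and address, the `from_munging` key, and the function names are hypothetical, and the author domain's DMARC policy is passed in rather than looked up in DNS.

```python
import copy
from email import message_from_string
from email.utils import formataddr, parseaddr

# Constructed values for illustration; not taken from any real list.
LIST_NAME = "demo-list"
LIST_ADDR = "demo-list@lists.example.org"
RESTRICTIVE = {"reject", "quarantine"}

def munge_from(msg):
    """Return a copy whose From: is the list address; the author moves to Reply-To."""
    out = copy.deepcopy(msg)
    name, addr = parseaddr(msg["From"])
    out.replace_header("From", formataddr((f"{name or addr} via {LIST_NAME}", LIST_ADDR)))
    if "Reply-To" not in out:
        out["Reply-To"] = formataddr((name, addr))
    return out

def copy_for(msg, subscriber, author_policy):
    """Pick the variant one subscriber receives.

    author_policy is the DMARC p= value of the author's domain, supplied by
    the caller (assumption: resolved elsewhere; no DNS lookup happens here).
    from_munging is the hypothetical per-user option; it defaults to enabled.
    """
    if author_policy in RESTRICTIVE and subscriber.get("from_munging", True):
        return munge_from(msg)
    # Original From: kept. A receiver that enforces DMARC will reject this
    # copy unless it accepts an ARC override for the list host.
    return msg

# Constructed sample post.
SAMPLE = message_from_string(
    "From: Alice Example <alice@strict.example>\n"
    "To: demo-list@lists.example.org\n"
    "Subject: [demo-list] hello\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for sub in ({"address": "bob@a.example"},
                {"address": "carol@b.example", "from_munging": False}):
        print(sub["address"], "->", copy_for(SAMPLE, sub, "reject")["From"])
```

The sketch covers only the From: rewrite decision. ARC sealing itself is left to the MTA, as recommended in the reply.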


