Re: [dmarc-discuss] A bit quiet?

Thu, 22 Oct 2015 19:26:05 -0700 

ARC provides a standardised, software-implementable, means for trustworthy 
forwarders to implement chain-of-custody records and therefore for receivers to 
reliably and simply automate assessments about messages received through 
trustworthy paths that are currently both generally too complicated to make 
other than by hand and - for longer forwarding chains than 
author->list->recipient - depend upon trusting untrustworthy data from several 
hops upstream.

The decisions about who to trust remain more-or-less those which receivers 
already make, ARC extends the distance that that trust can be algorithmically 
extended. An untrusted bad guy gains nothing, except against a naive receiver 
who imagines that ARC is magic. See also naive receivers assuming that SPF 
passing meant that a message was not spam. Likewise DKIM passing. Likewise 
DMARC passing. The important change here is that, in addition to incorporating 
an assessment of the trustworthiness of the author and/or the last hop, 
assessments of the trustworthiness of forwarders enter the picture.

- Roland


        Roland Turner | Labs Director
Singapore | M: +65 96700022
[email protected]



________________________________________
From: dmarc-discuss <[email protected]> on behalf of Scott 
Kitterman via dmarc-discuss <[email protected]>
Sent: Friday, 23 October 2015 04:44
To: [email protected]
Subject: Re: [dmarc-discuss] A bit quiet?

On October 22, 2015 1:19:51 PM EDT, Franck Martin via dmarc-discuss 
<[email protected]> wrote:
>The fun is moving to ARC
>
>https://dmarc.org/2015/10/global-mailbox-providers-deploying-dmarc-to-protect-users/
>

How does that actually help? At least as I read the draft, anyone can make up a 
'bad' message and an associated made up DKIM signature and then add their ARC 
stamp claiming the signature was valid when the message arrived?

Scott K

_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

Reply via email to