If I trust the sender enough to override DMARC policy results, what more does
ARC add?
I thought we'd already discussed the idea of the non-scalability of whitelists
to death. Absent a trusted sender whitelist, what can you do with ARC?
Scott K
On October 22, 2015 11:03:59 PM EDT, Roland Turner via dmarc-discuss
<[email protected]> wrote:
>Broadly, yes. You'd need to trust the entire chain of ARC-signing
>forwarders of course.
>
>
>- Roland
>
>
>
>[http://www.trustsphere.com/images/signatures/trustsphere.png]<https://www.trustsphere.com>
> Roland Turner | Labs Director
>Singapore | M: +65 96700022
>[email protected]<mailto:[email protected]>
>
>
>
>
>________________________________
>From: dmarc-discuss <[email protected]> on behalf of
>Scott Kitterman via dmarc-discuss <[email protected]>
>Sent: Friday, 23 October 2015 10:42
>To: DMARC Discussion List
>Subject: Re: [dmarc-discuss] A bit quiet?
>
>Okay. If I implement ARC as a receiver, then I ignore p=reject from
>Senders I trust not to lie to me if it passes ARC?
>
>Scott K
>
>On October 22, 2015 10:15:24 PM EDT, Roland Turner via dmarc-discuss
><[email protected]> wrote:
>
>ARC provides a standardised, software-implementable, means for
>trustworthy forwarders to implement chain-of-custody records and
>therefore for receivers to reliably and simply automate assessments
>about messages received through trustworthy paths that are currently
>both generally too complicated to make other than by hand and - for
>longer forwarding chains than author->list->recipient - depend upon
>trusting untrustworthy data from several hops upstream.
>
>The decisions about who to trust remain more-or-less those which
>receivers already make, ARC extends the distance that that trust can be
>algorithmically extended. An untrusted bad guy gains nothing, except
>against a naive receiver who imagines that ARC is magic. See also naive
>receivers assuming that SPF passing meant that a message was not spam.
>Likewise DKIM passing. Likewise DMARC passing. The important change
>here is that, in addition to incorporating an assessment of the
>trustworthines!
> s of the
>author and/or the last hop, assessments of the trustworthiness of
>forwarders enter the picture.
>
>- Roland
>
>
> Roland Turner | Labs Director
>Singapore | M: +65 96700022
>[email protected]
>
>
>
>________________________________
>
>From: dmarc-discuss <[email protected]> on behalf of
>Scott Kitterman via dmarc-discuss <[email protected]>
>Sent: Friday, 23 October 2015 04:44
>To: [email protected]
>Subject: Re: [dmarc-discuss] A bit quiet?
>
>On October 22, 2015 1:19:51 PM EDT, Franck Martin via dmarc-discuss
><[email protected]> wrote:
>The fun is moving to ARC
>
>https://dmarc.org/2015/10/global-mailbox-providers-deploying-dmarc-to-protect-users/
>
>
>How does that actually help? At least as I read the draft, anyone can
>make up a 'bad' message and an associated made up DKIM signature and
>then add their ARC stamp claiming the signature was valid when the
>message arrived?
>
>Scott K
>
>________________________________
>
>dmarc-discuss mailing list
>[email protected]
>http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
>NOTE: Participating in this list means you agree to the DMARC Note Well
>terms (http://www.dmarc.org/note_well.html)
>
>________________________________
>
>dmarc-discuss mailing list
>[email protected]
>http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
>NOTE: Participating in this list means you agree to the DMARC Note Well
>terms (http://www.dmarc.org/note_well.html)
>
>--
>Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>dmarc-discuss mailing list
>[email protected]
>http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
>NOTE: Participating in this list means you agree to the DMARC Note Well
>terms (http://www.dmarc.org/note_well.html)
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
