On Tue 29/May/2018 01:27:33 +0200 Roland Turner via dmarc-discuss wrote:
> On 28/05/18 19:26, Alessandro Vesely via dmarc-discuss wrote:
>
> For the implied question ("Why would small guys be interested?"):
>
> * ARC headers simply provide a view as to what happened upstream.
> Whatever effort you're willing to invest in hand-to-hand fighting is
> amplified (greater efficiency and/or effectiveness) simply by making
> use of that visibility.
> * A single public whitelist is not necessary for ARC to work, multiple
> lists are certainly possible, but the mapping of well-behaved
> whitelist operators is:
> o much easier than mapping abusers, as the latter are seeking to
> _*evade*_ detection;
> o much slower moving (new small list operators appear at a rate of
> perhaps one per week; abusers gain control of IP addresses at a
> rate of many per second); and
> o more resilient in that possession of the abuse data by abusers
> doesn't provide a means to optimise abuse by focusing on IP
> addresses and identifiers that haven't yet been identified[1],
>
> meaning that a slow-moving list can be included in email
> security software, as with the current rule set for something
> like SpamAssassin.
You seem to imply that only mailing list activity needs to deploy ARC.
I know ARC proponents don't want author's domains to sign ARC-0, but never
understood why. Anyway, ordinary forwarders will need to ARC sign forwarded
messages too, which includes pretty much all mail sites. The latter is *not* a
slow-moving data set. It grows steadily.
> 1: Granted, the list becomes a priority list for compromise attempts, much as
> happened with ESPs several years ago, but sudden spikes in volume can be
> treated as suspicious anyway, so the benefit in compromising a small forwarder
> is limited.
Spamtraps will also work well, as usual. However, no spam indicator implies
that the upstream ARC chain is faked. In theory, for example, ARC would allow
me to switch to forward-before-filter (maybe CPU happened to cost me more than
bandwidth, say.) In that case, you would tend to classify me as a spammer and
possibly suspect that my keys were compromised. How to maintain the list
remains unclear.
Best
Ale
--
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
