On Thu 31/May/2018 02:27:35 +0200 Roland Turner via dmarc-discuss wrote:
> On 31/05/18 02:31, Alessandro Vesely via dmarc-discuss wrote:
> 
> I took it as self-evident that I was describing a transition from an
> embedded list to a reputation data feed.

Got it :-)

>>>>> 1: Granted, the list becomes a priority list for compromise attempts
>>>> no spam indicator implies that the upstream ARC chain is faked.
>>> You've lost me:
>> difficulty of substantiating statements like "I trust these guys not
>> to lie in ARC signing/sealing".
>
> This is the bit where I'm not following you. Failing to provide neighbourly
> attention to the stream of mail coming out of your mail-server and failure to
> accurately ARC sign appear to be orthogonal concerns. (They might be loosely
> correlated to your level of diligence certainly, but are not otherwise causally
> related.)

They'd better be more than loosely correlated.  If you keep them orthogonal,
you cannot make consistent assessments:

My filtering ability is visible to the people I forward to.  Although targets
don't see what I spare them, they can imagine.  If you receive spam from me,
you lower my reputation.  Easy.

OTOH, my good faith ARC signing has to be assumed.  To prove the opposite, you
start with a message I forward to you; say it ARC-claims I received it from X.
Afterwards, you need to contact X and have them deny they ever sent it.  A
rather impractical method, especially since you need an X such that you can
trust their word against mine.  How come?

Orthogonality is broken by mandating filter-before-forward.  That way,
receivers of ARC-signed, obvious spam can infer that the corresponding ARC
signature is faked.  The better the filtering, the stronger the trust, and the
more evident will a possible ARC key compromise be.  So, if you pardon my
geometry-fictional wording, the "trust not to lie in ARC signing/sealing" gets
measured by assessing its projection onto the filtering axis.

Best
Ale
-- 
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)
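
The reasoning in the message above, sketched as an added example that is not part of the original post or of any ARC implementation: a receiver keeps a per-sealer baseline of how much spam arrives under that forwarder's ARC seal, and treats a sudden burst of sealed spam from a well-filtering forwarder as a sign of a faked seal or compromised key. The class name, thresholds, window size and the domain `forwarder.example` are assumptions, and the message stream is constructed.

```python
from collections import defaultdict, deque

class SealerReputation:
    """Trust in an ARC sealer, measured on the filtering axis (hypothetical model)."""

    def __init__(self, window=20, min_history=50, factor=5.0, floor=0.02):
        self.window, self.min_history = window, min_history
        self.factor, self.floor = factor, floor
        self.base_n = defaultdict(int)      # verdicts older than the window
        self.base_spam = defaultdict(int)   # ...of which our filter called spam
        self.recent = defaultdict(lambda: deque(maxlen=window))

    def observe(self, sealer, is_spam):
        """Record our local filter's verdict on one ARC-sealed message."""
        recent = self.recent[sealer]
        if len(recent) == self.window:
            # Oldest verdict leaves the window and joins the long-run baseline.
            self.base_n[sealer] += 1
            self.base_spam[sealer] += recent[0]
        recent.append(bool(is_spam))  # deque(maxlen) drops recent[0] itself
        return self.status(sealer)

    def status(self, sealer):
        n = self.base_n[sealer]
        if n < self.min_history:
            return "learning"          # too little history to judge either way
        baseline = max(self.base_spam[sealer] / n, self.floor)
        recent = self.recent[sealer]
        rate = sum(recent) / len(recent)
        # A sealer known to filter well that suddenly relays obvious spam:
        # its seal is more likely faked or its key compromised.
        return "suspect" if rate > self.factor * baseline else "ok"

def demo():
    """Constructed stream: 100 sealed messages with one spam, then a spam burst."""
    rep = SealerReputation()
    history = [i == 10 for i in range(100)] + [True] * 5
    return [rep.observe("forwarder.example", v) for v in history]

if __name__ == "__main__":
    out = demo()
    print(out[99], out[100], out[104])
```

The lower the forwarder's baseline spam rate, the smaller the burst needed to trip the flag, which is the "better filtering, more evident compromise" relationship the message describes.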
