In article <1514939995.3318165.1222346488.5b169...@webmail.messagingengine.com> you write:
>Please read my examples again if the problem wasn't clear, because you
>don't get security by imagining the best cases where everyone behaves
>themselves, you get security by imagining that everybody is trying to
>get away with the worst abuses they can without being detected.
Seems to me this makes some assumptions about the way ARC consumers will use ARC chains to decide whether to ignore a DMARC failure. Personally, I think the most likely scenario is that they'll look at all of the signers to see if they all are reasonably trustworthy, and if so, look at the i=1 seal to see if the message would have passed before being munged, and if so allow it. This requires having a giant reputation database for every ARC signer, but that's not much of a stretch beyond the reputation database you need to decide whether to look at the ARC chain at all.

Trying to guess who changed something and whether they were malicious seems unlikely to work.

R's,
John
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
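The consumer policy John sketches above (trust every sealer, then look at the i=1 results), as an added example in Python; this is not code from the thread or from any ARC implementation. It assumes the chain has already been cryptographically validated (each ARC-Seal verifies and cv= is consistent), so only the local trust decision remains; the "giant reputation database" is stood in for by a plain set of sealer domains; and the ARC headers below are constructed, with placeholder signature values and an alignment check that approximates DMARC's organizational-domain rule with an exact-or-subdomain match.

```python
"""ARC consumer policy: override a DMARC failure only when every ARC sealer is
trusted and the i=1 ARC-Authentication-Results show the message passed before
it was munged. Added example; crypto verification of the seals is assumed done."""
import re
from typing import Dict, List, Tuple

# Constructed sample: hop 1 (mx.example.net) saw SPF/DKIM/DMARC pass; a list
# (lists.example.org) then modified the message, broke DKIM, and sealed at i=2.
# Signature fields are placeholders; headers are unfolded for simplicity.
SAMPLE_HEADERS = """\
ARC-Seal: i=2; a=rsa-sha256; t=1222346500; cv=pass; d=lists.example.org; s=arc; b=PLACEHOLDER
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=lists.example.org; s=arc; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
ARC-Authentication-Results: i=2; lists.example.org; arc=pass; dkim=fail header.d=sender.example
ARC-Seal: i=1; a=rsa-sha256; t=1222346488; cv=none; d=mx.example.net; s=arc; b=PLACEHOLDER
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.example.net; s=arc; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
ARC-Authentication-Results: i=1; mx.example.net; spf=pass smtp.mailfrom=sender.example; dkim=pass header.d=sender.example; dmarc=pass header.from=sender.example
"""

AAR_RESULT = re.compile(r"^\s*(?P<method>[a-z]+)=(?P<result>[a-z]+)(?P<props>.*)$", re.I)
AAR_PROP = re.compile(r"([a-z]+\.[a-z]+)=(\S+)", re.I)


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split 'Name: value' lines into (lowercased name, value) pairs."""
    out = []
    for line in raw.splitlines():
        name, _, value = line.partition(":")
        out.append((name.strip().lower(), value.strip()))
    return out


def parse_tags(value: str) -> Dict[str, str]:
    """Parse the 'k=v; k2=v2' tag list used by ARC-Seal and ARC-Message-Signature."""
    tags = {}
    for part in value.split(";"):
        k, _, v = part.strip().partition("=")  # first '=' only; base64 padding keeps its '='
        if k:
            tags[k.strip()] = v.strip()
    return tags


def parse_aar(value: str) -> Tuple[int, str, Dict[str, Dict[str, str]]]:
    """Parse 'i=N; authserv-id; method=result prop=val ...' into {method: {result, props}}."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    instance = int(parse_tags(parts[0])["i"])
    results: Dict[str, Dict[str, str]] = {}
    for stanza in parts[2:]:
        m = AAR_RESULT.match(stanza)
        if not m:
            continue
        props = {k.lower(): v for k, v in AAR_PROP.findall(m.group("props"))}
        results[m.group("method").lower()] = {"result": m.group("result").lower(), **props}
    return instance, parts[1], results


def aligned(auth_domain: str, from_domain: str) -> bool:
    """Assumption: exact match or subdomain stands in for DMARC's organizational-domain alignment."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return bool(a) and (a == f or a.endswith("." + f) or f.endswith("." + a))


def original_dmarc_passed(results: Dict[str, Dict[str, str]], from_domain: str) -> bool:
    """Would the message have passed DMARC at hop 1, judging from the i=1 AAR?"""
    if results.get("dmarc", {}).get("result") == "pass":
        return True
    dkim = results.get("dkim", {})
    if dkim.get("result") == "pass" and aligned(dkim.get("header.d", ""), from_domain):
        return True
    spf = results.get("spf", {})
    return spf.get("result") == "pass" and aligned(spf.get("smtp.mailfrom", ""), from_domain)


def arc_override_decision(raw_headers: str, trusted_sealers: set, from_domain: str) -> Tuple[bool, str]:
    """Return (override_dmarc_failure, reason) for a DMARC-failing message carrying an ARC chain."""
    seals: Dict[int, Dict[str, str]] = {}
    aars: Dict[int, Dict[str, Dict[str, str]]] = {}
    for name, value in parse_headers(raw_headers):
        if name == "arc-seal":
            tags = parse_tags(value)
            seals[int(tags["i"])] = tags
        elif name == "arc-authentication-results":
            i, _, results = parse_aar(value)
            aars[i] = results
    if not seals:
        return False, "no ARC chain"
    n = max(seals)
    if sorted(seals) != list(range(1, n + 1)):
        return False, "ARC chain instances are not contiguous from i=1"
    # Sanity on chain-validation flags (the actual signature checks are assumed done upstream).
    for i, tags in seals.items():
        expected_cv = "none" if i == 1 else "pass"
        if tags.get("cv", "").lower() != expected_cv:
            return False, f"unexpected cv={tags.get('cv', '?')} at i={i}"
    # Step 1: every signer in the chain must be reasonably trustworthy.
    for i in range(1, n + 1):
        sealer = seals[i].get("d", "").lower()
        if sealer not in trusted_sealers:
            return False, f"untrusted ARC sealer at i={i}: {sealer or '?'}"
    # Step 2: the i=1 results must show the message passed before it was munged.
    if 1 not in aars:
        return False, "no ARC-Authentication-Results for i=1"
    if not original_dmarc_passed(aars[1], from_domain):
        return False, "i=1 results do not show a DMARC pass before modification"
    return True, f"all {n} sealers trusted and i=1 shows DMARC pass; ignore DMARC failure"


if __name__ == "__main__":
    print(arc_override_decision(SAMPLE_HEADERS, {"mx.example.net", "lists.example.org"}, "sender.example"))
```

Note that nothing here tries to work out which hop changed the message or why; the decision rests only on who sealed and what hop 1 recorded, which is the point of the policy as described.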
