In article <[email protected]>, Dave Crocker <[email protected]> wrote: >> I believe, though, that the intent of ARC is that it be scalable in >> ways that manual enumeration of known legit mailing lists and >> forwarders is not. > >"if you know which hosts are legit" buries an assumption that is >problematic, namely that you know who handled the message. The fact >that a message purports to be handled by a mailing list you trust does >not mean it actually was.
Pretty close, but not quite. You know that a message came from a mailing list because you have your list of IPs or DKIM signatures of lists you trust. ARC deals with the problem that most list software forwards everything with a subscriber's address on the From: line and does a lousy job of spam filtering. The question is if the entity sending the message to the list was who it purported to be. For example, if a message from a list fails DMARC alignment, but ARC says it was aligned on the way in, it's likely a real message from a subscriber. If it was unaligned on the way in, it's likely wpam. R's, John -- Regards, John Levine, [email protected], Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
