In article <[email protected]> you write:
>questions the wg deems needed since then. Leaving ARC in an experimental
>state ad infinitum doesn't seem optimal. Basically: 1) was it needed at
>all 2) did it help. 3) if it helped, how much did it help.

I agree that at some point we need to declare the experiment over and see if it's worked, but it's way too early for that. At this point the only widely used list software that can apply ARC seals is Sympa. (Mailman 3 may, but most mailman users including the IETF are still using mailman 2.)

>(1) in
>particular is what interests me because adding two new signatures seems
>*really* heavy handed. That would go a long way toward answering the
>questions of whether it should go standards track.

I don't get why a few extra signatures are a problem. Nearly all of my mail goes out with two added DKIM signatures, one that matches the From domain or the list domain if it's a list, and one for my system. It's just not a big deal.

>Our motivation at the time was one in particular: spear phishing. From
>an enterprise situation spear phishing is scary af, and not one that
>providers have much care about. That's what John gets wrong when he says
>that 90% pass rate is useless: for enterprise not wanting to get spear
>phished, a 10% false positive rate ...

Sorry, I meant 90% the other way, catching 90% of the bad stuff and letting the other 10% through is not good enough. I agree that for spear phishing the tolerance for false positives is likely to be fairly high.

R's,
John
