On 12/6/20 9:05 PM, Murray S. Kucherawy wrote:
On Sun, Dec 6, 2020 at 11:02 AM Michael Thomas <[email protected]> wrote:

    Based on the work I did at Cisco 15 years ago which essentially was a
    heuristic-based form of those two drafts, I found that it worked for
    about 90 some percent. I unfortunately do not know the nature of
    the remaining messages that could not be recovered (either I never did
    the analysis or don't remember). Things may have changed some since
    then, but that was what we got for the entire mail stream of a large
    company. Is that "good enough"? Or better yet, what is the definition of
    "good enough"?


A counter-argument I've heard often to the idea of reversible transformations is that it can become a spam vector, no different than the argument against "l=".  For instance, if we start chopping off typical list signatures ("delete everything at and after the lowest line containing only hyphens"), then I can take a message from a good actor, tack a spam list signature onto it, claim I'm an MLM, and it'll still pass with the author domain signature when it gets delivered downstream, though the spam will still be there.

Another is that it's not actually easy to describe all or even most of the mutations an MLM might make to a message. (Mailman sent me the list of changes they might make to a message.  It's not a small list.)

Yet another is that two different MLMs might implement MIME-izing actions ever so slightly differently, yet both results are fully compatible with MIME and indistinguishable when rendered by most MUAs.

So in the limit, this comes down to defining a set of transformations everyone agrees are allowed, and then all MLMs and filters implementing exactly those and no more. There doesn't seem to be much of an appetite in the community for this path.


An idea that I've been rolling around in my head is that the MLM could give a sed-like script to roll back the changes. Since they know their modifications, they can obviously express how to unmodify them. It may have less issue with the MIME hackery you were thinking about.

But as far as your point about spam vectors, it is surely just as true about ARC, right? At least with recovering the original text I have the ability to remove all of the transforms and deliver the original text. ARC not so much. It's all or nothing on the trust front.

But I really think the key thing about all of this is figuring out what defines success. That is the most important thing by far.

Mike

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
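
Added example, not part of the original thread: a sketch of the footer-stripping rollback quoted above ("delete everything at and after the lowest line containing only hyphens"), checked against a DKIM body hash computed with RFC 6376 "simple" canonicalization and SHA-256. The function names and sample bodies are constructed for illustration, and only the `bh=` comparison is modelled, not full signature verification.

```python
import base64
import hashlib
import re

HYPHEN_LINE = re.compile(rb"-+")

def body_hash(body: bytes) -> str:
    """bh= value: SHA-256 over the RFC 6376 'simple' canonical body."""
    canon = body.rstrip(b"\r\n") + b"\r\n"  # drop trailing empty lines
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def strip_list_footer(body: bytes) -> bytes:
    """Drop everything at and after the lowest hyphen-only line."""
    lines = body.split(b"\r\n")
    for i in range(len(lines) - 1, -1, -1):
        if HYPHEN_LINE.fullmatch(lines[i]):
            return b"\r\n".join(lines[:i]) + b"\r\n"
    return body

def recover(received: bytes, signed_bh: str):
    """Return the body the author's bh= covers, or None if no rollback matches."""
    for candidate in (received, strip_list_footer(received)):
        if body_hash(candidate) == signed_bh:
            return candidate
    return None

# Constructed sample data.
ORIGINAL = b"Hello list,\r\n\r\nMeeting moved to 3pm.\r\n"
SIGNED_BH = body_hash(ORIGINAL)  # what the author domain signed
WITH_FOOTER = ORIGINAL + b"----------\r\nexample list\r\nhttps://lists.example/info\r\n"
WITH_OTHER = ORIGINAL + b"----------\r\nUNRELATED APPENDED TEXT\r\n"
TWO_RULES = ORIGINAL + b"-----\r\nexample list\r\n-----\r\n"

if __name__ == "__main__":
    for name, msg in [("footer", WITH_FOOTER), ("other", WITH_OTHER),
                      ("two rules", TWO_RULES)]:
        body = recover(msg, SIGNED_BH)
        # The pass/fail verdict is the same whatever followed the hyphen line;
        # only the recovered bytes are covered by the author's signature.
        print(name, "->", "recovered original" if body else "not recoverable")
```

`WITH_FOOTER` and `WITH_OTHER` both recover to the same signed body, so the verdict alone says nothing about what was appended; a receiver relying on the rollback would deliver the returned bytes rather than the received ones. `TWO_RULES` shows a footer the single-rule heuristic cannot undo.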