On Sun 06/Dec/2020 05:14:18 +0100 John R Levine wrote:
On Sat, 5 Dec 2020, Jim Fenton wrote:
... If the recipient domain accepts modifications by zero-reputation
intermediaries (because there are so many of them, after all)
I wouldn't call that a reasonable implementation of ARC. The set of hosts that
are likely to send you mail with interesting ARC chains is relatively small,
and I don't think it changes very fast.
Trustworthiness has to account for the probability that a trusted host is
hacked, even occasionally, so as to spew phishing. Reasonableness is a number
in [0, 1]. In the presence of a chain, one must consider the joint probability
that any intermediary is hacked.
Anyone observed long ARC chains?
I'd certainly be interested in hearing how people plan to compile and maintain
their lists of ARC-worthy hosts.
There should be a means of exchanging trustworthiness values, so as to build
the transitivity required to compute the joint probabilities.
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
