On Wed 24/Nov/2021 17:22:51 +0100 John Levine wrote:
It appears that Alessandro Vesely <[email protected]> said:
This proposal is UNCOL for mailing lists. ...
Without going beyond Mailman lists, some of them remove DKIM signatures
altogether, so there is no chance to recover anything.
I don't understand that comment unless you're pointing out another reason that
your proposal is not worth working on.
Why? DKIM says signatures SHOULD NOT be removed, so a MLM may opt for not
letting existing signatures through. They may also anonymize posters.
Likewise, users may opt to sign in such a way as to grant that MLM-transformed
messages won't verify by any means.
Reversibility is an opt-in. However, people who don't want indirect mail flows
to be authenticable, should not complain that DMARC disrupted the end-to-end
nature of the From: identifier. They can choose.
ARC implies a reliable global reputation system, ...
No, it does not. You know better than that.
Yet, the proposal to accept and validate any possibly faked message as if it
passed DMARC is not acceptable. It completely voids DMARC's meaning.
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
