On Wed 24/Nov/2021 17:30:08 +0100 John Levine wrote:
It appears that Alessandro Vesely <[email protected]> said:
Sure. Note that if the receiver trusts the MLM, simply recognizing it would be
enough to pass DMARC per the "mailing_list" policy override. ARC additionally
provides the ability to learn the authentication status of the message when it
was received by the MLM. That way, reputation can be reckoned with great
precision.
If you trust the mailing list, you can just have a whitelist and
completely ignore DMARC. If only.
Including the accepted message in aggregate reports with proper indications is
not ignoring DMARC.
Someone else from Google told me that they know perfectly well where
all the mailing lists are but they cannot do that because many lists
leak spam when spammers steal address books and send spam with
a fake From: of a subscriber. ARC specifically addresses this
situation by letting the recipient do the filtering that the list
didn't, e.g., reject unaligned input messages.
I don't understand that. If the message was rejectable of quarantinable why
did the MLM pass it? It looks as if the MLM implements ARC but not DMARC.
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
