On Wed, Mar 15, 2023 at 4:02 AM Alessandro Vesely <[email protected]> wrote:

> On Wed 15/Mar/2023 07:55:15 +0100 Wei Chuang wrote:
> > On Tue, Mar 14, 2023 at 9:11 AM Scott Kitterman <[email protected]>
> wrote:
> >
> >> For the replay resistance part of the question, I think it would make
> >> sense to wait and see how the DKIM working group addresses the problem
> for
> >> DKIM generally and then assess how their solution impacts ARC and how
> it
> >> addresses the issue for ARC.
> >>
> >> I think the question of spamminess is orthogonal to the authentication
> >> questions that ARC attempts to answer.  It's subjective, so I don't
> think
> >> it can really play into ARC.
> >>
> >> Additionally, if the intermediary thinks a message is bad (spam), then
> the
> >> solution is to not send the message onward and try to make it someone
> >> else's problem.
> >
> > Likely the issue is that the intermediary doesn't think of the specific
> > message as being spam, yet is worried about the possibility of
> > authenticating spam so drops ARC for some scenarios. The receiver still
> > could benefit from seeing the Authentication-Results of the
> intermediary.
> > In other scenarios, the ARC headers are intentionally broken by a
> spammer.
> > Should non-malicious forwarders of those messages still generate ARC
> > headers?  Keep in mind, the forwarder again might not realize the
> message
> > is spammy
>
>
> I think running at least a minimal, conservative filter so as to drop
> blatant
> spam, phishing and viruses is de rigueur.  Otherwise you're akin to an
> open relay.
>
> That said, ARC is still preferable in stead of DKIM as it doesn't involve
> /claiming some responsibility for the message/.
>

+1 Agreed.
-Wei


>
>
> Best
> Ale
> --
>
>
>
>
>
>
> _______________________________________________
> dmarc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dmarc
>

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc

Reply via email to