It appears that Wei Chuang <[email protected]> said: >1) We know that a sender intends to send a message down some path that may >include a mailing list, that got to me safely. This is to avoid DKIM >replay and FROM spoofing attacks.
I think we can do that by looking at the To/Cc addresses to check if they include the list that forwarded the mail. >2) That we can identify the contributors to the content of the message in >that path to distinguish malicious vs benign contributors. Isn't that what ARC is for? You can look back through the list headers to see what the state of the message was like on the way in. While I am not a fan of applying DMARC policies to the output of forwarders like mailing lists, they work to filter inbound mail to a list. > For certain >constrained but hopefully reasonable scenarios of mailing list >modifications, we might be able to distinguish the sources of content. People have been suggesting this forwver, but it really doesn't scale. There are a lot more list hosts with a lot more configurations that any of us have individually ever seen. In many cases they add or rewrite MIME parts which is extremely hard to unwind enough to see if a DKIM signature would have been valid. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
