On Mon, Apr 10, 2023 at 8:15 AM John Levine <jo...@taugh.com> wrote:

> It appears that Wei Chuang  <wei...@google.com> said:
> >1) We know that a sender intends to send a message down some path that may
> >include a mailing list, that got to me safely.  This is to avoid DKIM
> >replay and FROM spoofing attacks.
>
> I think we can do that by looking at the To/Cc addresses to check if
> they include the list that forwarded the mail.
>

+1 One approach might be to chain together recipients/sender pairs across
forwarders, and sign the recipients. (Another approach might be to tie
together SMTP transactions between sending-service/receiving-service pairs)


>
> >2) That we can identify the contributors to the content of the message in
> >that path to distinguish malicious vs benign contributors.
>
> Isn't that what ARC is for? You can look back through the list headers
> to see what the state of the message was like on the way in. While I
> am not a fan of applying DMARC policies to the output of forwarders
> like mailing lists, they work to filter inbound mail to a list.


With ARC and a modifying mailing list, we hopefully will see that an
expected DKIM-signature fails and hopefully at least a terminating
ARC-Message-Signature that passes.  With these tools, the receiver isn't
able to see which part of the message was contributed by the sender vs the
mailing list.   If there's spammy content, the receiver can't distinguish
which party contributed to that content, and so has to attribute that
spammy content to both parties, but at the cost of harming the innocent
one.  Despite that issue I should mention that ARC/DMARC still helps us in
knowing who your sender is, which is helpful.

-Wei


>
> > For certain
> >constrained but hopefully reasonable scenarios of mailing list
> >modifications, we might be able to distinguish the sources of content.
>
> People have been suggesting this forever, but it really doesn't scale.
> There are a lot more list hosts with a lot more configurations than
> any of us have individually ever seen. In many cases they add or
> rewrite MIME parts which is extremely hard to unwind enough to see if
> a DKIM signature would have been valid.
>
> R's,
> John
>


_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
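The two receiver-side checks discussed in this thread (is the forwarding list among the To/Cc addresses, and what did the list's ARC headers record about the message on the way in), as an added example that is not code from any participant in the thread. The domains, addresses and header values are constructed, and the sketch assumes the ARC set has already been cryptographically validated by the receiver, which it does not do itself.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a message as delivered by a hypothetical list host.
SAMPLE = """\
ARC-Seal: i=1; a=rsa-sha256; d=lists.example.org; s=arc; cv=none; b=PLACEHOLDER
ARC-Message-Signature: i=1; a=rsa-sha256; d=lists.example.org; s=arc; bh=PLACEHOLDER; b=PLACEHOLDER
ARC-Authentication-Results: i=1; lists.example.org; dkim=pass header.d=sender.example; dmarc=pass header.from=sender.example
List-Post: <mailto:discuss@lists.example.org>
From: Alice <alice@sender.example>
To: discuss@lists.example.org
Cc: bob@other.example
Subject: [discuss] hello

body
"""
# Constructed variant: same headers, but the list is no longer a declared recipient.
REPLAYED = SAMPLE.replace("To: discuss@lists.example.org", "To: carol@third.example")

def list_post_address(msg):
    # List-Post (RFC 2369) is written by the forwarder and is not authenticated by itself.
    m = re.search(r"<mailto:([^>?]+)", msg.get("List-Post", ""), re.I)
    return m.group(1).strip().lower() if m else None

def declared_recipients(msg):
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def inbound_results(msg):
    # Results recorded by the first ARC hop (i=1): the message state on the way in.
    for value in msg.get_all("ARC-Authentication-Results", []):
        unfolded = " ".join(value.split())
        if re.match(r"i\s*=\s*1\s*;", unfolded):
            return dict(re.findall(r"\b(dkim|spf|dmarc)=(\w+)", unfolded))
    return {}

def assess(raw):
    msg = message_from_string(raw)
    post = list_post_address(msg)
    return {
        "list": post,
        "list_addressed": post is not None and post in declared_recipients(msg),
        "inbound": inbound_results(msg),
    }

if __name__ == "__main__":
    print(assess(SAMPLE))
    print(assess(REPLAYED))
```

A message where `list_addressed` is false while the inbound results still say `dkim=pass` is the pattern the To/Cc check is meant to surface; it says nothing about which party contributed which content.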
