On Tue, Apr 2, 2024 at 8:49 AM John Levine <[email protected]> wrote:
> It appears that Murray S. Kucherawy <[email protected]> said: > >Can you give an example, even if only a hypothetical one? > > I'm not Emmanuel but people at large mail systems have told me that > the biggest value of ARC is to deal with mailing lists that do lousy > spam filtering. Lists often let anything through that has the address > of a subscriber on the From: line. Mail systems see legit lists that > gush spam when some bot starts sending mail to the list with fake > subscriber addresses, because the bot herder is using address pairs > from stolen address books. > > While we all know the reasons that you don't want to enforce DMARC on > the mail coming out of a mailing list, it makes a lot more sense to > enforce it on mail going into a list. You can use ARC to look back and > see if the mail was aligned on the way in and if not treat it as spam. > I think details about the technique to which you're alluding, especially with real world examples, anecdotes, or other data, would be really valuable to publish somewhere, be that in this document or elsewhere. Even just a paragraph that explains what ARC brings that we didn't have before, that can be used to mitigate DMARC damage, would be a step in the right direction. The ARC usage document appears to have been parked and expired, so that advice doesn't seem to exist anywhere now. Is the plan to revive that, now that we appear to have at least one source of experience? -MSK, p11g
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
