On Tue, Apr 2, 2024 at 11:58 AM Murray S. Kucherawy <[email protected]> wrote:
> On Tue, Apr 2, 2024 at 8:49 AM John Levine <[email protected]> wrote: > >> It appears that Murray S. Kucherawy <[email protected]> said: >> >Can you give an example, even if only a hypothetical one? >> >> I'm not Emmanuel but people at large mail systems have told me that >> the biggest value of ARC is to deal with mailing lists that do lousy >> spam filtering. Lists often let anything through that has the address >> of a subscriber on the From: line. Mail systems see legit lists that >> gush spam when some bot starts sending mail to the list with fake >> subscriber addresses, because the bot herder is using address pairs >> from stolen address books. >> >> While we all know the reasons that you don't want to enforce DMARC on >> the mail coming out of a mailing list, it makes a lot more sense to >> enforce it on mail going into a list. You can use ARC to look back and >> see if the mail was aligned on the way in and if not treat it as spam. >> > > I think details about the technique to which you're alluding, especially > with real world examples, anecdotes, or other data, would be really > valuable to publish somewhere, be that in this document or elsewhere. Even > just a paragraph that explains what ARC brings that we didn't have before, > that can be used to mitigate DMARC damage, would be a step in the right > direction. > > The ARC usage document appears to have been parked and expired, so that > advice doesn't seem to exist anywhere now. Is the plan to revive that, now > that we appear to have at least one source of experience? > At M3AAWG a month ago, a couple of major mailboxes agreed to share their experience (and success) with ARC to this list. It is apparently making a significant difference for their systems. Getting that data public is still slow moving. > > -MSK, p11g > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc > -- Seth Blank | Chief Technology Officer Email: [email protected] This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
