On Sun, 27 Oct 2024, Tero Kivinen wrote:
Yes in DKIM2 you may discover that an alteration was malicious, but at
least it will be crystal clear (once, for forensic purposes you check
every signature to hand) which entity should be blocked henceforth.
That looks like this forensic thing is done by the postmaster etc on
the receiving end, i.e., people, not automatic systems, thus this is
even less scaleable than users adding their known trusted forwarders
to their trusted forwarders list.
You're missing the point. There aren't a lot of malicious forwarders.
I can't even remember the last time I got mail from one. In most cases,
if you get forwarded mail, you can use the reputation of the original
sender. DKIM2 lets you tell mechanically that it really was forwarded,
a key difference from ARC.
If a host is doing malicious forwarding, it is unlikely that it is sending
any mail people want, so you can just block it. We already have ways to
share lists of bad senders.
R's,
John
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
