John R. Levine writes:
> On Sun, 27 Oct 2024, Tero Kivinen wrote:
> >> Yes in DKIM2 you may discover that an alteration was malicious, but at
> >> least it will be crystal clear (once, for forensic purposes you check
> >> every signature to hand) which entity should be blocked henceforth.
> >
> > That looks like this forensic thing is done by the postmaster etc on
> > the receiving end, i.e., people, not automatic systems, thus this is
> > even less scaleable than users adding their known trusted forwarders
> > to their trusted forwarders list.
>
> You're missing the point. There aren't a lot of malicious forwarders.
> I can't even remember the last time I got mail from one. In most cases,
> if you get forwarded mail, you can use the reputation of the original
> sender. DKIM2 lets you tell mechanically that it really was forwarded,
> a key difference from ARC.

If there are no malicious forwarders, you can just trust the ARC headers
they put in, and if they said DKIM was valid when it came in, you can
trust it... If you find out this is one of those malicious forwarders,
then you can denylist it.

> If a host is doing malicious forwarding, it is unlikely that it is
> sending any mail people want, so you can just block it. We already
> have ways to share lists of bad senders.

Same with ARC. If the host is doing malicious forwarding, and is not
properly checking the DKIM, SPF etc. when the email comes in, and records
those things incorrectly in the ARC header, you most likely will not want
to get email from that forwarder, or you want to complain to them and ask
them to fix their setup...
-- 
[email protected]
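
Added example, not part of the original message: a sketch of the receiver-side policy discussed in this exchange, where ARC results recorded by a forwarder are trusted unless that forwarder is on a denylist. The header values, domains, decision labels and the `evaluate` function are constructed for illustration, and cryptographic verification of the ARC chain is assumed to be done by a separate verifier whose result is passed in as `chain_verified`.

```python
import re

# Constructed sample: ARC set added by one forwarder (instance i=1).
# Domains and tag values are illustrative; signature data is a placeholder.
SAMPLE_HEADERS = [
    ("ARC-Seal", "i=1; a=rsa-sha256; cv=none; d=forwarder.example; s=arc; b=PLACEHOLDER"),
    ("ARC-Authentication-Results",
     "i=1; forwarder.example; dkim=pass header.d=sender.example; spf=pass"),
]

def parse_tags(value):
    """Split 'k=v; k=v' into a dict; bare tokens such as the authserv-id are skipped."""
    tags = {}
    for part in value.split(";"):
        key, sep, val = part.strip().partition("=")
        if sep:
            tags[key] = val.strip()
    return tags

def evaluate(headers, denylist, chain_verified):
    """Return (decision, domain). chain_verified is the cryptographic result
    from a separate ARC verifier (assumed); this function is only the policy."""
    seals, results = {}, {}
    for name, value in headers:
        tags = parse_tags(value)
        if not tags.get("i", "").isdigit():
            continue
        if name.lower() == "arc-seal":
            seals[int(tags["i"])] = tags
        elif name.lower() == "arc-authentication-results":
            results[int(tags["i"])] = value
    if not seals:
        return ("no-arc", None)
    if not chain_verified:
        return ("ignore-arc", None)
    for i in sorted(seals):
        domain = seals[i].get("d", "").lower()
        if domain in denylist:            # known-bad forwarder: block it
            return ("reject", domain)
        expected_cv = "none" if i == 1 else "pass"
        if seals[i].get("cv") != expected_cv:
            return ("ignore-arc", None)
    # First hop's recorded verdict on the original sender's DKIM signature.
    m = re.search(r"\bdkim=(\w+)(?:\s+header\.d=([\w.-]+))?", results.get(1, ""))
    if m and m.group(1) == "pass" and m.group(2):
        return ("use-sender-reputation", m.group(2).lower())
    return ("use-forwarder-reputation", seals[max(seals)].get("d", "").lower())
```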
