On 2/25/25 3:19 AM, Alessandro Vesely wrote:
Many people, including myself, were skeptical about ARC because of the requirement that it be trusted unconditionally.
No, ARC leaves the question of which sealers to trust - and what to do based on the information it conveyed - up to the receiver. It deferred the question of how to make that decision, because it wasn't going to be feasible to include a one-size-fits-all solution as part of a protocol specification. Some receivers have the scale and resources to track reputation in-house, while others lack one or both and might rely on some external source like a datafeed (e.g. Spamhaus, SURBL, etc) or manual allowlist (see the neglected GitHub community sealer list), or a fixed list reflected established relationships.
If I'm mistaken and ARC has text that says "trust seals and what they tell you unconditionally," please share a reference so that I can learn the error of my ways.
--S. _______________________________________________ dmarc mailing list -- dmarc@ietf.org To unsubscribe send an email to dmarc-le...@ietf.org
