-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In message <[email protected]>, Jeroen Massar <[email protected]> writes
>The moment that the big mail providers (who are not vocal here it seems), check your spam folder, I write here more than is probably useful >who >have implemented ARC in some way or another and are very likely at least using >it to score email based on it, thus using ARC presence as a signal (just like >every other spam vector), when those providers drop support, then we'll know >that they do not value it. As I explained a while back, at $DAYJOB$ we implemented a scheme for using ARC to influence DMARC decisions. It has no other real impact on "scoring" which is all about email content and customer feedback. Using ARC information worked very badly because another large provider failed to tell us that the contents of email had been altered (to make it malicious) by a third party ... I believe that remains the case, and so we no longer treat their assertions as having any value. The main problem is that an ARC attestation only has value if you receive the email directly from the organisation making that attestation and ARC has no linkage with the SMTP protocol ... that issue (amongst many other things) is fixed in DKIM2. So ARC is pretty much valueless to $DAYJOB$ and IMNSHO anyone implementing it at this point in time is entirely wasting (considerable amounts of) their time in doing so. >But till DKIM2 is out, in what, another decade??, I think that you may not have noticed the step change that "Yahoogle" made on the use of email authentication systems. > IMHO, and in my usage, ARC >gives a very clear signal to how the forwarding chain is happening, That is just not true ... the bad guys changed the email and failed (not surprisingly) to document that they had done so. As it happens our systems logged enough to be able to be certain as to where changes would have occurred (and if the lawyers allowed me to look at customer mail I would have been able to pick apart the header fields directly...) > and yes, I >am using it to score too and it helps, just like every other signal that mail >has, every bit helps. In our experience, we found it hindered. BTW: anyone who has looked at Trent's draft will know the above because I contributed text to it (and a number of the "less vocal" big mail providers did so too)... so please can we move on to re-chartering the WG so we can fix text about why ARC does not work that doesn't seem to have been clear enough ... - -- richard writing to inform and not as company policy "Assembly of Japanese bicycle require great peace of mind" quoted in ZAMM -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 iQA/AwUBaYvcemHfC/FfW545EQJRXgCfYsh4F0TkgD7r1WpF5Uw44iZc1rcAoOnm xckcS6FmLqinEivSi0VhTabM =/jif -----END PGP SIGNATURE----- _______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
