On Wed 16/Nov/2022 05:35:52 +0100 Roland Turner wrote:
On 15/11/22 23:10, Alessandro Vesely wrote:
On Mon 14/Nov/2022 18:54:33 +0100 Wei Chuang wrote:
> On Mon, Nov 14, 2022 at 8:03 AM Alessandro Vesely <ves...@tana.it> wrote:
> >> BTW, we all know that mailing lists send one message at a time, doing >>
VERP for each subscriber. They can more easily include the recipient in >>
the ARC signature. However, any spammer can do the same. >
> WRT to the ARC like proposed approaches, agreed that the spammer can sign >
for each recipient as well. However then the spammer has identified >
themselves in the path, and some future path aware reputation systems will >
be able to distinguish the spammer from benign forwarding flows.
If you can filter basing on a reliable reputation system, current ARC seals are
enough already, aren't they?
Not quite, because they're not usually applied when a message is forwarded
intact. One outcome of the proposed WG might be to specifically encourage all
MLMs to ARC-sign, even if they don't break the author's DKIM signature, in this
case to facilitate path reasoning in addition to coping with DKIM-breakage.
Right. It'd be enough to require SPF pass of the last element of the chain,
besides AMS verification. That proves the ARC chain itself is not being
replayed. To me, it doesn't sound as an exaggerate requirement.
(I forget the IETF language for this, but there's a distinction between
documents which specify protocols and documents which provide guidance on their
use.)
Application Statement?
Best
Ale
--
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
