It appears that Michael Thomas <[email protected]> said: >There seems to be a misconception that a mailing list can't resign a >message. Or at least it seems there is. ARC seems to go through a lot of >hoops to associate an arbitrary number of signatures with an arbitrary >number of A-R headers, but how common is that in real life? And how >important is it to actually establish this chain of custody?
I asked people at large mail systems why they don't just accept mail from mailing lists, since they know where the lists are. The answer is that lists leak spam when bots forge mail from list subscribers. The chain of ARC signatures lets them go back and do retroactive filtering, and specifically see whether the original message was DMARC aligned. If anyone is about to say this seems like a really obscure corner case, if only. Back when Yahoo flipped the switch to turn on p=reject and break every mailing list, that was essentially the problem. They'd had two large breaches where crooks had stolen address books, which spammers were using to send people spam with return addresses of people they knew. Yahoo's support was blowing up, why is my grandmother sending me spam? So yeah, it's a real problem. The goal of the chain of mutations is to make it so you don't have to trust the chain of ARC signatures. You can undo the modifications and check. This doesn't mean that the modifications are nice, but it does show that the original message was real. R's, John _______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
