> Il 10 aprile 2018 alle 2.15 Brandon Long via mailop <email@example.com> ha > scritto: > > > Google does not yet trust third party ARC signatures, yes. We're open to > manually > adding some as they become available, but overall, it's a chicken and egg > thing > so far, there aren't enough of them yet for us to create a mechanism to > automatically > build trust.
This is also the biggest concern about ARC from my viewpoint. There are a few millions of small independent mail servers and some of them run just a handful of mailing lists, e.g. for a local non profit or group of friends. The list server software may implement ARC, but how will these hosts be able to gain the trust necessary for the receivers to accept their ARC signatures? Very big players like Google already have a complex trust system in place and may be able to come up with good automated measurements of trust even for small hosts, but the risk is that others will just build a whitelist of the few major mailing list platforms and distrust everyone else's lists (which, as far as I know, is how OpenARC's implementation works for the moment). It would be better to go by blacklists, as it has usually been for anti-abuse, rather than by whitelists; it would be even better if there were an effort to share trust indicators so that even small operators can use them. Regards, -- Vittorio Bertola | Head of Policy & Innovation, Open-Xchange vittorio.bert...@open-xchange.com Office @ Via Treviso 12, 10144 Torino, Italy _______________________________________________ mailop mailing list firstname.lastname@example.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop