> Google does not yet trust third party ARC signatures, yes. We're open to
> manually adding some as they become available, but overall, it's a chicken
> and egg thing so far, there aren't enough of them yet for us to create a
> mechanism to automatically build trust.

This is also the biggest concern about ARC from my viewpoint. There are a few 
million small independent mail servers and some of them run just a handful 
of mailing lists, e.g. for a local non-profit or group of friends. The list 
server software may implement ARC, but how will these hosts be able to gain the 
trust necessary for the receivers to accept their ARC signatures? Very big 
players like Google already have a complex trust system in place and may be 
able to come up with good automated measurements of trust even for small hosts, 
but the risk is that others will just build a whitelist of the few major 
mailing list platforms and distrust everyone else's lists (which, as far as I 
know, is how OpenARC's implementation works for the moment).

It would be better to go by blacklists, as it has usually been for anti-abuse, 
rather than by whitelists; it would be even better if there were an effort to 
share trust indicators so that even small operators can use them.


