On 21/08/2023 17:49, Jarland Donnell via mailop wrote:
Not always but in quite a few cases, yes. If there's no cryptographically verifiable trust from the origin there isn't a method that can make it appear back. SRS and things like SRS just hide it (something akin to "trust that we haven't lied about what address we rewrote").I haven't spent much time on ARC but if I understand correctly, isn't that a 100% trust based system? Meaning I have to trust that when you say you authenticated it, that you're trustworthy when saying it?
That being said, it's way easier for a forwarder not to break DKIM with ARC in the mix. It's also easier for the receiver to trust a forwarder's ARC seal than it is to trust their SRS (and methods like it). It is a bit of a free pass to do a few things naughty, but in those cases the original letters were poorly made (unsigned) anyways (and you can also treat them accordingly if the letter hasn't been mangled).
You might see benefit from ARC even forwarding email within a single organization. Not to mention through multiple forwarders.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
