Re: [mailop] Doesn't ARC substitute DKIM at Gmail inbound?

Tue, 07 May 2024 10:13:37 -0700 

On Mon 06/May/2024 19:00:24 +0200 Brandon Long wrote:

On Mon, May 6, 2024 at 12:41 AM Alessandro Vesely via mailop 
<mailop@mailop.org> wrote:
The question is, since Gmail seems to require a DKIM signature just to make sure some domain is responsible for the message, doesn't an ARC seal cover the same requirement? > 
[...]
The challenge with Gmail's new rules and forwarding is that they want you to provide an authentication signal (spf or dkim), but you also don't really know what you're sending, so doing so can result in a negative effect on your reputation. How to square that circle is left as an exercise to the reader. DKIM signing or using SPF would potentially solve that.
Fair enough, thank you. I replace the bounce address (because in case of problems I need to inform the recipient rather than the author) so they're authenticated, albeit unwillingly and unaligned. 

For reputation, I skip forwarding messages with SA score >= 9.

ARC seems to be a useless exercise, for the time being.
The flip-side is if the Gmail "dkim required for major senders" message could be talking about the actual source before forwarding, in which case adding dkim or spf at the forwarder won't help. The request then is more like DMARC, looking for some level of alignment between the source and authentication. ARC was designed to help for that case, assuming the message was DKIM signed in by the sender in the first place. Unfortunately, one of the reasons that ARC is experimental is that solving the "trust" part on forwarding is non-trivial.... well, sorta, explicit opt-in of forwarders would work fine. In the case of someone forwarding their mailbox from a to b, having that specific account say "I'm forwarding from A, accept forwarded mail from them" would solve the issue,at the challenge of requiring user opt-in.
Yeah, I briefly discussed with your colleague Wei Chuang about experimenting that way to fix forwarding... But that's another topic. 


Best
Ale
--





_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Reply via email to