On Mon 06/May/2024 19:00:24 +0200 Brandon Long wrote:
On Mon, May 6, 2024 at 12:41 AM Alessandro Vesely via mailop
<mailop@mailop.org> wrote:
The question is, since Gmail seems to require a DKIM signature just to
make sure some domain is responsible for the message, doesn't an ARC seal
cover the same requirement? >
[...]
The challenge with Gmail's new rules and forwarding is that they want you to
provide an authentication signal (spf or dkim), but you also don't really
know what you're sending, so doing so can result in a negative effect on
your reputation. How to square that circle is left as an exercise to the
reader. DKIM signing or using SPF would potentially solve that.
Fair enough, thank you. I replace the bounce address (because in case of
problems I need to inform the recipient rather than the author) so they're
authenticated, albeit unwillingly and unaligned.
For reputation, I skip forwarding messages with SA score >= 9.
ARC seems to be a useless exercise, for the time being.
The flip-side is if the Gmail "dkim required for major senders" message
could be talking about the actual source before forwarding, in which case
adding dkim or spf at the forwarder won't help. The request then is more
like DMARC, looking for some level of alignment between the source and
authentication. ARC was designed to help for that case, assuming the
message was DKIM signed in by the sender in the first place. Unfortunately,
one of the reasons that ARC is experimental is that solving the "trust" part
on forwarding is non-trivial.... well, sorta, explicit opt-in of forwarders
would work fine. In the case of someone forwarding their mailbox from a to
b, having that specific account say "I'm forwarding from A, accept forwarded
mail from them" would solve the issue,at the challenge of requiring user
opt-in.
Yeah, I briefly discussed with your colleague Wei Chuang about experimenting
that way to fix forwarding... But that's another topic.
Best
Ale
--
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop