*You* are the answer…
________________________________ Tony Brock Senior IT Systems and Security Engineer [Parker Poe] Three Wells Fargo Center | 401 South Tryon Street | Suite 3000 | Charlotte, NC 28202 Office: 704.335.9535 | Fax: 704.335.9780 | map<https://www.google.com/maps?q=401+South+Tryon+Street,Charlotte,NC,28202,United+States> Visit our website at www.parkerpoe.com<http://www.parkerpoe.com> From: dmarc-discuss [mailto:dmarc-discuss-boun...@dmarc.org] On Behalf Of Al Iverson via dmarc-discuss Sent: Thursday, May 24, 2018 9:33 AM To: dmarc-discuss@dmarc.org Subject: Re: [dmarc-discuss] General DMARC weakness - personal forwarding ***Caution: External email*** On Thu, May 24, 2018 at 5:11 AM, Vittorio Bertola via dmarc-discuss <dmarc-discuss@dmarc.org<mailto:dmarc-discuss@dmarc.org>> wrote: >> Il 23 maggio 2018 alle 9.43 Alessandro Vesely via dmarc-discuss >> <dmarc-discuss@dmarc.org<mailto:dmarc-discuss@dmarc.org>> ha scritto: >> >> ARC will allow message modifications. However, it will require that >> Google/Apple/etc recognize SomeCo as a trusted forwarder, in order to >> believe reported authentication results. > > This is actually an area of concern to us: how will small scale operations, > like a server that only hosts a handful of mailing lists for local non > profits / open source projects / amateur groups etc, be able to be recognized > as trusted ARC intermediaries? The big players have reputation systems that > could be used for this as well, but what about everyone else? The risk is to > prompt more centralization in email services, which is not how the Internet > should work - or to prompt people to use instant messaging groups instead. Those entities can handle it the same way they do today - rewriting headers to become the sender, so any authentication falls to them. This is basically already settled, if you want to run a mailing list today and you want to maximize delivery of the mail, you have to do this. Like this very list does. Maybe the small guys will have to keep using this method? I am curious to know the answer to your question. But also, I run a small number of mailing lists myself, just fine, without ARC. So I am not worried about having to directly support ARC. Maybe my opinion on that will change? But for now, that is what it is. Regards, Al Iverson -- al iverson // wombatmail // miami http://www.aliverson.com<http://www.aliverson.com> http://www.spamresource.com<http://www.spamresource.com> _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org<mailto:dmarc-discuss@dmarc.org> http://www.dmarc.org/mailman/listinfo/dmarc-discuss<http://www.dmarc.org/mailman/listinfo/dmarc-discuss> NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html<http://www.dmarc.org/note_well.html>) PRIVILEGED AND CONFIDENTIAL: This electronic message and any attachments are confidential property of the sender. The information is intended only for the use of the person to whom it was addressed. Any other interception, copying, accessing, or disclosure of this message is prohibited. The sender takes no responsibility for any unauthorized reliance on this message. If you have received this message in error, please immediately notify the sender and purge the message you received. Do not forward this message without permission. [ppab_p&c]
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
