[dmarc-discuss] A bit quiet?

Scott Kitterman sklist at kitterman.com
Thu Oct 22 19:42:54 PDT 2015


Okay. If I implement ARC as a receiver, then I ignore p=reject from Senders I trust not to lie to me if it passes ARC?

Scott K

On October 22, 2015 10:15:24 PM EDT, Roland Turner via dmarc-discuss <dmarc-discuss at dmarc.org> wrote:
>ARC provides a standardised, software-implementable, means for
>trustworthy forwarders to implement chain-of-custody records and
>therefore for receivers to reliably and simply automate assessments
>about messages received through trustworthy paths that are currently
>both generally too complicated to make other than by hand and - for
>longer forwarding chains than author->list->recipient - depend upon
>trusting untrustworthy data from several hops upstream.
>
>The decisions about who to trust remain more-or-less those which
>receivers already make, ARC extends the distance that that trust can be
>algorithmically extended. An untrusted bad guy gains nothing, except
>against a naive receiver who imagines that ARC is magic. See also naive
>receivers assuming that SPF passing meant that a message was not spam.
>Likewise DKIM passing. Likewise DMARC passing. The important change
>here is that, in addition to incorporating an assessment of the
>trustworthiness of the author and/or the last hop, assessments of the
>trustworthiness of forwarders enter the picture.
>
>- Roland
>
>
>        Roland Turner | Labs Director
>Singapore | M: +65 96700022
>roland.turner at trustsphere.com
>
>
>
>________________________________________
>From: dmarc-discuss <dmarc-discuss-bounces at dmarc.org> on behalf of
>Scott Kitterman via dmarc-discuss <dmarc-discuss at dmarc.org>
>Sent: Friday, 23 October 2015 04:44
>To: dmarc-discuss at dmarc.org
>Subject: Re: [dmarc-discuss] A bit quiet?
>
>On October 22, 2015 1:19:51 PM EDT, Franck Martin via dmarc-discuss
><dmarc-discuss at dmarc.org> wrote:
>>The fun is moving to ARC
>>
>>https://dmarc.org/2015/10/global-mailbox-providers-deploying-dmarc-to-protect-users/
>>
>
>How does that actually help? At least as I read the draft, anyone can
>make up a 'bad' message and an associated made up DKIM signature and
>then add their ARC stamp claiming the signature was valid when the
>message arrived?
>
>Scott K
>
>_______________________________________________
>dmarc-discuss mailing list
>dmarc-discuss at dmarc.org
>http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
>NOTE: Participating in this list means you agree to the DMARC Note Well
>terms (http://www.dmarc.org/note_well.html)
>
>_______________________________________________
>dmarc-discuss mailing list
>dmarc-discuss at dmarc.org
>http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
>NOTE: Participating in this list means you agree to the DMARC Note Well
>terms (http://www.dmarc.org/note_well.html)

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://dmarc.org/pipermail/dmarc-discuss/attachments/20151022/042e1016/attachment.html>


More information about the dmarc-discuss mailing list