[dmarc-discuss] A bit quiet?

Roland Turner roland.turner at trustsphere.com
Thu Oct 22 20:03:59 PDT 2015


Broadly, yes. You'd need to trust the entire chain of ARC-signing forwarders of course.


- Roland



[http://www.trustsphere.com/images/signatures/trustsphere.png]<https://www.trustsphere.com>     Roland Turner | Labs Director
Singapore | M: +65 96700022
roland.turner at trustsphere.com<mailto:roland.turner at trustsphere.com>




________________________________
From: dmarc-discuss <dmarc-discuss-bounces at dmarc.org> on behalf of Scott Kitterman via dmarc-discuss <dmarc-discuss at dmarc.org>
Sent: Friday, 23 October 2015 10:42
To: DMARC Discussion List
Subject: Re: [dmarc-discuss] A bit quiet?

Okay. If I implement ARC as a receiver, then I ignore p=reject from Senders I trust not to lie to me if it passes ARC?

Scott K

On October 22, 2015 10:15:24 PM EDT, Roland Turner via dmarc-discuss <dmarc-discuss at dmarc.org> wrote:

ARC provides a standardised, software-implementable, means for trustworthy forwarders to implement chain-of-custody records and therefore for receivers to reliably and simply automate assessments about messages received through trustworthy paths that are currently both generally too complicated to make other than by hand and - for longer forwarding chains than author->list->recipient - depend upon trusting untrustworthy data from several hops upstream.

The decisions about who to trust remain more-or-less those which receivers already make, ARC extends the distance that that trust can be algorithmically extended. An untrusted bad guy gains nothing, except against a naive receiver who imagines that ARC is magic. See also naive receivers assuming that SPF passing meant that a message was not spam. Likewise DKIM passing. Likewise DMARC passing. The important change here is that, in addition to incorporating an assessment of the trustworthines!
 s of the
author and/or the last hop, assessments of the trustworthiness of forwarders enter the picture.

- Roland


        Roland Turner | Labs Director
Singapore | M: +65 96700022
roland.turner at trustsphere.com



________________________________

From: dmarc-discuss <dmarc-discuss-bounces at dmarc.org> on behalf of Scott Kitterman via dmarc-discuss <dmarc-discuss at dmarc.org>
Sent: Friday, 23 October 2015 04:44
To: dmarc-discuss at dmarc.org
Subject: Re: [dmarc-discuss] A bit quiet?

On October 22, 2015 1:19:51 PM EDT, Franck Martin via dmarc-discuss <dmarc-discuss at dmarc.org> wrote:
The fun is moving to ARC

https://dmarc.org/2015/10/global-mailbox-providers-deploying-dmarc-to-protect-users/


How does that actually help? At least as I read the draft, anyone can make up a 'bad' message and an associated made up DKIM signature and then add their ARC stamp claiming the signature was valid when the message arrived?

Scott K

________________________________

dmarc-discuss mailing list
dmarc-discuss at dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)

________________________________

dmarc-discuss mailing list
dmarc-discuss at dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://dmarc.org/pipermail/dmarc-discuss/attachments/20151023/516c5ac7/attachment-0001.html>


More information about the dmarc-discuss mailing list