[dmarc-discuss] A bit quiet?

Scott Kitterman sklist at kitterman.com
Thu Oct 22 21:31:54 PDT 2015


If I trust the sender enough to override DMARC policy results, what more does ARC add?  

I thought we'd already discussed the idea of the non-scalability of whitelists to death.  Absent a trusted sender whitelist, what can you do with ARC?

Scott K

On October 22, 2015 11:03:59 PM EDT, Roland Turner via dmarc-discuss <dmarc-discuss at dmarc.org> wrote:
>Broadly, yes. You'd need to trust the entire chain of ARC-signing
>forwarders of course.
>
>
>- Roland
>
>
>
>    Roland Turner | Labs Director
>Singapore | M: +65 96700022
>roland.turner at trustsphere.com
>
>
>
>
>________________________________
>From: dmarc-discuss <dmarc-discuss-bounces at dmarc.org> on behalf of
>Scott Kitterman via dmarc-discuss <dmarc-discuss at dmarc.org>
>Sent: Friday, 23 October 2015 10:42
>To: DMARC Discussion List
>Subject: Re: [dmarc-discuss] A bit quiet?
>
>Okay. If I implement ARC as a receiver, then I ignore p=reject from
>Senders I trust not to lie to me if it passes ARC?
>
>Scott K
>
>On October 22, 2015 10:15:24 PM EDT, Roland Turner via dmarc-discuss
><dmarc-discuss at dmarc.org> wrote:
>
>ARC provides a standardised, software-implementable, means for
>trustworthy forwarders to implement chain-of-custody records and
>therefore for receivers to reliably and simply automate assessments
>about messages received through trustworthy paths that are currently
>both generally too complicated to make other than by hand and - for
>longer forwarding chains than author->list->recipient - depend upon
>trusting untrustworthy data from several hops upstream.
>
>The decisions about who to trust remain more-or-less those which
>receivers already make, ARC extends the distance that that trust can be
>algorithmically extended. An untrusted bad guy gains nothing, except
>against a naive receiver who imagines that ARC is magic. See also naive
>receivers assuming that SPF passing meant that a message was not spam.
>Likewise DKIM passing. Likewise DMARC passing. The important change
>here is that, in addition to incorporating an assessment of the
>trustworthiness of the
>author and/or the last hop, assessments of the trustworthiness of
>forwarders enter the picture.
>
>- Roland
>
>
>        Roland Turner | Labs Director
>Singapore | M: +65 96700022
>roland.turner at trustsphere.com
>
>
>
>________________________________
>
>From: dmarc-discuss <dmarc-discuss-bounces at dmarc.org> on behalf of
>Scott Kitterman via dmarc-discuss <dmarc-discuss at dmarc.org>
>Sent: Friday, 23 October 2015 04:44
>To: dmarc-discuss at dmarc.org
>Subject: Re: [dmarc-discuss] A bit quiet?
>
>On October 22, 2015 1:19:51 PM EDT, Franck Martin via dmarc-discuss
><dmarc-discuss at dmarc.org> wrote:
>The fun is moving to ARC
>
>https://dmarc.org/2015/10/global-mailbox-providers-deploying-dmarc-to-protect-users/
>
>
>How does that actually help? At least as I read the draft, anyone can
>make up a 'bad' message and an associated made up DKIM signature and
>then add their ARC stamp claiming the signature was valid when the
>message arrived?
>
>Scott K
>
>________________________________
>
>dmarc-discuss mailing list
>dmarc-discuss at dmarc.org
>http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
>NOTE: Participating in this list means you agree to the DMARC Note Well
>terms (http://www.dmarc.org/note_well.html)
>
>--
>Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
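
The receiver-side decision debated in this thread, as an added Python illustration that is not part of any list member's message and not code from the ARC draft: a failing DMARC `p=reject` is overridden only when every ARC sealer in the chain is locally trusted and the first hop recorded a DMARC pass. The tag layout follows the ARC specification's ARC-Seal and ARC-Authentication-Results fields; the domains, the `trusted` set, the `seals_verified` flag (cryptographic validation done elsewhere) and the function names are assumptions.

```python
# Added example. Constructed ARC-Seal values as a receiver sees them; b= elided.
# Cryptographic verification of each seal is assumed to be done by a validator.
SEALS = [
    "i=1; a=rsa-sha256; cv=none; d=forwarder.example; s=arc; b=...",
    "i=2; a=rsa-sha256; cv=pass; d=list.example; s=arc; b=...",
]
FIRST_HOP_AAR = "i=1; forwarder.example; dkim=pass header.d=author.example; dmarc=pass"


def parse_tags(value):
    """Split 'tag=value; tag=value' into a dict (b= may itself contain '=')."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}


def sealer_chain(seal_headers):
    """Return sealer domains in hop order, or None if the chain is malformed."""
    try:
        seals = sorted((parse_tags(h) for h in seal_headers), key=lambda t: int(t["i"]))
    except (KeyError, ValueError):
        return None
    for expected, tags in enumerate(seals, start=1):
        want_cv = "none" if expected == 1 else "pass"
        if int(tags["i"]) != expected or tags.get("cv") != want_cv or not tags.get("d"):
            return None
    return [tags["d"].lower() for tags in seals] or None


def disposition(dmarc_pass, policy, seals_verified, seal_headers, first_aar, trusted):
    """Decide what to do with a message after DMARC and ARC evaluation."""
    if dmarc_pass:
        return "deliver"
    if policy != "reject":
        return "apply-" + policy
    chain = sealer_chain(seal_headers) if seals_verified else None
    # What the first forwarder recorded about DMARC when the message reached it.
    first_dmarc = parse_tags(first_aar).get("dmarc", "").split()[:1]
    # Override only if the whole chain is trusted; one unknown sealer voids it,
    # because an ARC stamp from an untrusted party asserts nothing reliable.
    if chain and all(d in trusted for d in chain) and first_dmarc == ["pass"]:
        return "deliver-arc-override"
    return "reject"
```

With only `list.example` in the trusted set the same message is rejected, which is the "entire chain" condition from the quoted reply.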