[dmarc-discuss] A bit quiet?

Shal Farley shals2nd at gmail.com
Sun Oct 25 16:00:47 PDT 2015


Scott,

> If I trust the sender enough to override DMARC policy results, what more 
> does ARC add? 

A subtle, but important thing it adds is the identity of the bad actor. That is, in order to forge an ARC result the intermediary had to be in the DNS system with the relevant ARC information provided. 

So if you are maintaining a reputation system it becomes harder for the bad actors to escape a bad reputation. And much harder for bad actors to give good actors a bad reputation by using a good actor's name.

> I thought we'd already discussed the idea of the non-scalability of 
> whitelists to death. Absent a trusted sender whitelist, what can you do 
> with ARC?

The recommended usage document addresses some of this.
http://arc-spec.org/

But the bottom line is: not magic, just chain of custody. When a message fails DMARC you can use ARC to feed your own classifier for whether to obey a p=reject.

-- Shal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://dmarc.org/pipermail/dmarc-discuss/attachments/20151025/aee27de9/attachment.html>


More information about the dmarc-discuss mailing list