[dmarc-discuss] General DMARC weakness - personal forwarding

Roland Turner roland at rolandturner.com
Fri Jun 1 02:49:39 PDT 2018


On 01/06/18 17:04, Alessandro Vesely via dmarc-discuss wrote:

> I see.  As a small receiver, I didn't even think about comparing different
> forwarders of the same senders.  In my case, such coincidences only cover a
> handful of trusted mailing lists.  Your argument further confirms how ARC
> better suits large receivers.

Not quite:

  * It confirms that mapping who to trust requires both access to and
    the ability to process a view of a large subset of the world's
    mail-servers. This is comparable to the work of cartographers in the
    physical world: you *could* drive from one end of a continent to the
    other without ever examining a map (or roadside signs prepared by
    people who had examined maps), but it would be very, very difficult.
  * It confirms that rational use of ARC by small receivers will require
    help from "cartographers", whereas big receivers are large enough to
    have their own. This sounds bad, but note that this is already true
    for SMTP anyway. Yes, you can deploy a mail-server at will, but
    securing it without the use of reputation data (typically a DNSBL)
    will be somewhere between very difficult and actually infeasible.
    Few people attempt this in practice. My guess is that if ARC turns
    out to be useful, then the reputation data required for small
    receivers to make good use of it will be readily available.


> Thank you for a nice discussion

Likewise!

- Roland
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://dmarc.org/pipermail/dmarc-discuss/attachments/20180601/60c72429/attachment.html>


More information about the dmarc-discuss mailing list