[dmarc-discuss] General DMARC weakness - personal forwarding
roland at rolandturner.com
Fri Jun 1 02:49:39 PDT 2018
On 01/06/18 17:04, Alessandro Vesely via dmarc-discuss wrote:
> I see. As a small receiver, I didn't even think about comparing different
> forwarders of the same senders. In my case, such coincidences only cover a
> handful of trusted mailing lists. Your argument further confirms how ARC
> better suits large receivers.
* It confirms that mapping who to trust requires both access to and
the ability to process a view of a large subset of the world's
mail-servers. This is comparable to the work of cartographers in the
physical world: you *could* drive from one end of a continent to the
other without ever examining a map (or roadside signs prepared by
people who had examined maps), but it would be very, very difficult.
* It confirms that rational use of ARC by small receivers will require
help from "cartographers", whereas big receivers are large enough to
have their own. This sounds bad, but note that this is already true
for SMTP anyway. Yes, you can deploy a mail-server at will, but
securing it without the use of reputation data (typically a DNSBL)
will be somewhere between very difficult and actually infeasible.
Few people attempt this in practice. My guess is that if ARC turns
out to be useful, then the reputation data required for small
receivers to make good use of it will be readily available.
> Thank you for a nice discussion
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dmarc-discuss