[ih] Various tests
John R. Levine
johnl at iecc.com
Sun Feb 11 08:32:28 PST 2024
> I'm under the impression that this is the problem that ARC is supposed to
> solve. The email intermediary, namely the list itself, can use ARC to
> certify that it confirmed the signatures on the earlier hops in the
> delivery path.
Right.
> It's amusing that they didn't require any specific DMARC actions, only that
> you turn on the reports; but once you have the reports, bugs and
> configuration problems become glaringly obvious; and once you fix them
> sammers forging email from your domain become glaringly obvious; and then
> when you change the disposition to quarantine (request that downstream MTAs
> treat signature violations as spam); the spammers go away.
I have had DMARC with p=none for a decade and have collected over 390,000
reports. I have yet to see a reason to change the policy from none.
Unless you are a bank or a large famous organization, spammers don't care
about you, although there are plenty of people whose business models
depend on persuading everyone that p=reject is essential.
> Unless the email wizards missed something it appears that as DMARC rolls
> out we will have strong end-to-end cryptographic signatures of the ISP
> which authenticated the human originating every message.
The vast majority of senders have been signing mail with DKIM for a
decade. This is not new.
Regards,
John Levine, johnl at taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
More information about the Internet-history
mailing list