Re: [dmarc-ietf] ARC questions

Dave Crocker <> Mon, 23 November 2020 22:30 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 406EA3A13EE for <>; Mon, 23 Nov 2020 14:30:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.199
X-Spam-Status: No, score=-0.199 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id F1KBpe5w0-2G for <>; Mon, 23 Nov 2020 14:30:33 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::436]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 11C553A13EB for <>; Mon, 23 Nov 2020 14:30:33 -0800 (PST)
Received: by with SMTP id w187so1871961pfd.5 for <>; Mon, 23 Nov 2020 14:30:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=JMY/s9PE/S8n0G6avuB5aIdPRTUkHlIZF7mCa8nbzh4=; b=LqUT28XixNVliZMN8IDVT2B29zG5v21Yos0jh/8w55wL+HFe8cP4bunZb3ySvDhiiw SIC9T1kngvr3fUgA0Cq+wH92xiU0igDfYsmmeVl3rwIwnGiMbPyUF2jIq9xtCnGbOvY1 EYvBS4ynQeMNEoATnWu11yuh3uu7CeAlVtUoIg2kF+7wAxUzHSl0bAMsHukmt9fyVR94 jRd6prbmGA+cfaHt9geXDaNptIr4R7t41EmE0SytrFIfFlnphSeSyWA0rFXWuNMObFoJ qBzKUsCvy5XavAaa02ydbEnzyXcKvFbigbLCrOztPZ9hvfZpnkx5o8krSl/4bKMCWn0C aGsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=JMY/s9PE/S8n0G6avuB5aIdPRTUkHlIZF7mCa8nbzh4=; b=qh/pu+dCqTUkb6nrZgFNoGKL+Ww+bssOxnAfFnJswXjbbF817lYy4/rpOOP/JFTyRT j8VMtrA0qZi32A9PU3yiUmETkAhPUQ5UqIqqLnE7o7C/VKVhhVQAXcMT0+ZA7LpOO18N wQC92/tPGqu17wTwXZ7JG3N1xhLvEUJqtvC6HwTEfmGp1keo4sJugc+q8fcVtWA9Mnep wwzyattAYA+udiBUZ+we9q24x0x9KWW6CL+uhjqDpN7fFbsIiGyUN+DgHXfg4pmMaGW3 SMk5mp3MttppxFQAcBWCz9GJ8F9PhxzuiazKqBwvirYW4wuv3Po+G8j5NoL7wKqhLyGb EuhA==
X-Gm-Message-State: AOAM530Z5LxkyVxEhnKQ58mfJ3Qs57/4k5GvccQPUwATbmGVS8IrWD7d AfmyYsXsXROsYnl1RCPmc1kavOAnkYY=
X-Google-Smtp-Source: ABdhPJz2Kcx540hnv+PPEoMYB3S6xD1Z1ykyE2voWWrsj06I6erIVzviBi8Y71U1TQH9JO4gMXAfRA==
X-Received: by 2002:a63:1445:: with SMTP id 5mr1266305pgu.357.1606170632284; Mon, 23 Nov 2020 14:30:32 -0800 (PST)
Received: from [] ( []) by with ESMTPSA id 12sm383828pjt.25.2020. (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 23 Nov 2020 14:30:31 -0800 (PST)
To: John Levine <>,
References: <> <> <> <> <rph9gd$2mp3$>
From: Dave Crocker <>
Message-ID: <>
Date: Mon, 23 Nov 2020 14:30:30 -0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.5.0
MIME-Version: 1.0
In-Reply-To: <rph9gd$2mp3$>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <>
Subject: Re: [dmarc-ietf] ARC questions
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 23 Nov 2020 22:30:34 -0000

On 11/23/2020 1:27 PM, John Levine wrote:
> In article <>om>,
> Dave Crocker  <> wrote:
>>> I believe, though, that the intent of ARC is that it be scalable in
>>> ways that manual enumeration of known legit mailing lists and
>>> forwarders is not.
>> "if you know which hosts are legit" buries an assumption that is
>> problematic, namely that you know who handled the message.  The fact
>> that a message purports to be handled by a mailing list you trust does
>> not mean it actually was.
> Pretty close, but not quite.
> You know that a message came from a mailing list because you have your
> list of IPs or DKIM signatures of lists you trust.

Except that was not stated or, really, even implied in the text of the 
message I was replying to.  Rather, something like that seemed to be 
taken as an assumption, but without any clear foundation.

For these kinds of discussions, which are mostly about understanding 
these capabilities clearly, accurately, and precisely, the core 
requirement is to separate the essential bits of information and the 
basis for knowing each bit.

> ARC deals with the problem that most list software forwards everything
> with a subscriber's address on the From: line and does a lousy job of
> spam filtering.

Forgive me but I believe misbehavior by mailing lists has never been 
meaningfully documented for this work.  Quite the contrary.

List mail has been collateral damage, not because lists have misbehaved 
but because they got caught by a spontaneous change in the email service 
by some providers.


Dave Crocker

Volunteer, Silicon Valley Chapter
American Red Cross