Re: [dmarc-ietf] ARC questions

"Kurt Andersen (b)" <> Sun, 22 November 2020 18:42 UTC

As usual, John has pretty well nailed the response, but there was one other
part of your question (Mike) that I thought deserved explanation:

On Sat, Nov 21, 2020 at 7:14 PM John Levine <> wrote:

> In article <> you write:
> >If I'm a receiver who is going to be making some filtering decisions
> >based on ARC, I see that it passed by some authenticator along the way
> >which is fine, but my question is why I should trust that intermediary
> >in general?
> The short answer is that you shouldn't, any more than you should trust
> random DKIM signatures.
> This also means that ARC isn't useful if you don't have a reputation
> system to tell you where the lists and other forwarders that might add
> legit ARC signatures are.

On Sat, Nov 21, 2020 at 2:33 PM Michael Thomas <> wrote:

> Or did I miss where ARC resigns the body? Or is there a tie in for ARC
> with the mailing list's resigned DKIM signature for the new message?

The ARC-Message-Signature (referred to as the AMS) includes a signature
over the newly modified message (headers & body) in a way very similar to a
DKIM-Signature. But this does not solve the problem of a malicious
forwarder that does a wholesale replacement of the (presumably) good
content with spam. That's where your own reputation and content analysis has
to come in.
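
The point made in this thread, that a validating ARC chain only matters when the receiver already has a reputation for every forwarder that sealed it, sketched as receiver-side policy logic. This is an added example, not part of the original message; the sample headers, the domains, the `TRUSTED_SEALERS` list and the `chain_verified` input (the verdict of a separate cryptographic ARC verifier) are assumptions.

```python
import email

# Constructed sample headers; b=/bh= values are placeholders, nothing is verified here.
SAMPLE = (
    "ARC-Seal: i=2; a=rsa-sha256; t=1606070600; cv=pass; d=relay.example; s=k1; b=PLACEHOLDER\n"
    "ARC-Message-Signature: i=2; a=rsa-sha256; d=relay.example; s=k1;\n"
    " h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "ARC-Seal: i=1; a=rsa-sha256; t=1606070500; cv=none; d=lists.example; s=k1; b=PLACEHOLDER\n"
    "From: author@sender.example\n"
    "Subject: [list] hello\n"
    "\n"
    "body\n"
)

# Assumption: a locally maintained reputation list of forwarders known to seal honestly.
TRUSTED_SEALERS = {"lists.example", "relay.example"}

def parse_tags(value):
    """Split a DKIM-style tag list ("k=v; k=v") into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip().lower()] = "".join(val.split())
    return tags

def arc_decision(raw, trusted, chain_verified):
    """Return (use_arc, reason). chain_verified is the verdict of a separate
    cryptographic ARC verifier (hypothetical input, not computed here)."""
    seals = [parse_tags(v) for v in email.message_from_string(raw).get_all("ARC-Seal", [])]
    if not seals:
        return False, "no ARC chain"
    try:
        chain = sorted((int(t["i"]), t["d"].lower(), t["cv"].lower()) for t in seals)
    except (KeyError, ValueError):
        return False, "malformed ARC-Seal"
    if [i for i, _, _ in chain] != list(range(1, len(chain) + 1)):
        return False, "broken instance sequence"
    if any(cv != ("none" if i == 1 else "pass") for i, _, cv in chain):
        return False, "chain marked failed by a sealer"
    if not chain_verified:
        return False, "signatures did not verify"
    unknown = sorted({d for _, d, _ in chain} - set(trusted))
    if unknown:
        return False, "no reputation for sealer(s): " + ", ".join(unknown)
    # Trusted chain: ARC results become one input; content analysis still runs.
    return True, "all sealers trusted"
```

Requiring reputation for every sealer, not only the newest, is a conservative policy choice of this example.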