IETF Logo Mail Archive

Re: [dmarc-ietf] ARC questions

"Kurt Andersen (b)" <kboth@drkurt.com> Sun, 22 November 2020 18:42 UTC

Return-Path: <kurta@drkurt.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98F8D3A09C0 for <dmarc@ietfa.amsl.com>; Sun, 22 Nov 2020 10:42:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.198
X-Spam-Level:
X-Spam-Status: No, score=-0.198 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=drkurt.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s97Lk0LAw8yd for <dmarc@ietfa.amsl.com>; Sun, 22 Nov 2020 10:42:13 -0800 (PST)
Received: from mail-il1-x12a.google.com (mail-il1-x12a.google.com [IPv6:2607:f8b0:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 225053A09C1 for <dmarc@ietf.org>; Sun, 22 Nov 2020 10:42:12 -0800 (PST)
Received: by mail-il1-x12a.google.com with SMTP id r17so1878962ilo.11 for <dmarc@ietf.org>; Sun, 22 Nov 2020 10:42:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=drkurt.com; s=20130612; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HA9di1VkNpxlR+w9KTw+1wFImid5hKqWJ31E0zhOX+o=; b=gWmEfv41mk6Gqggxm2rOfbbXFk43hObOG4t84Iargz2BJx6TdqKwa6UnnykEBNlGyU cX5I6H5d9NBk556Z378nTGJc7EzVSUbS7VX/0vTcDiIFnxV9I8hkiSSkJp7xWcfXKMWh UqM7JiDtbkmoCsK68wcVDEsWF+VcKVKsqkeC8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HA9di1VkNpxlR+w9KTw+1wFImid5hKqWJ31E0zhOX+o=; b=ZM/ssfIWBtHaTBvnNiyJM5B2NzJ1V5ENjxoe2LTFkYHHsp2P5JlpjKj1bt0uZW6Ldo SweH+fwTqzZfzvgKdzINj14OIRnpo26HHeegnrO6oVruUmSdYHMOdOLcfYn/dAvWbqtF 38tn2vzmIgCfkq1BjBgDhChx90II9+rxikXF4D7xB/0p2M0URQsiaFzEUJIdJEQMagbw 83E7q4o96nvqYSFhpSgXubyZLeAxtglTyf+cnChEDhDwJX763fDrLUV91I9qFsI9rw94 f08NfsX4+vOc5TbCwuSPTr4u2/63LR7P7QyT17d/ZPukS5lB3k3/kiZm7G8iWK50Frlf OMXA==
X-Gm-Message-State: AOAM530pZwhXbeVBFyexuU0I50Bg/aJbYrKRR4kVnvJe9F+tOd5fy01E BvnyW1oTpTn5xBwctyxBifxmBrv+u8DvTmfYemDZnA==
X-Google-Smtp-Source: ABdhPJzrFEINjh5jAYBvM/EypUEJg6KaRoiIZnVLSDWUTwsZPKT1KdO/7ggVVmtbz+nuh0YBVxP8q8USJAbwSX5NuU0=
X-Received: by 2002:a92:3f0f:: with SMTP id m15mr8652599ila.103.1606070527835; Sun, 22 Nov 2020 10:42:07 -0800 (PST)
MIME-Version: 1.0
References: <dcc265f9-a143-5093-eba0-94ee059c7cc7@mtcc.com> <20201122021417.B5E6E27B3E59@ary.qy>
In-Reply-To: <20201122021417.B5E6E27B3E59@ary.qy>
From: "Kurt Andersen (b)" <kboth@drkurt.com>
Date: Sun, 22 Nov 2020 11:41:56 -0700
Message-ID: <CABuGu1pX=5ZC4RLsv19qrosRN9nCrPdeSk5Xg4O7ViEZit6dnA@mail.gmail.com>
To: John Levine <johnl@taugh.com>
Cc: "dmarc@ietf.org" <dmarc@ietf.org>, mike@mtcc.com
Content-Type: multipart/alternative; boundary="000000000000535fb705b4b66f01"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/5uS5Df57vdoPsheWZNQ2Jt4tZV0>
Subject: Re: [dmarc-ietf] ARC questions
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Nov 2020 18:42:15 -0000

As usual, John has pretty well nailed the response, but there was one other
part of your question (Mike) that I thought deserved explanation:

On Sat, Nov 21, 2020 at 7:14 PM John Levine <johnl@taugh.com> wrote:

> In article <dcc265f9-a143-5093-eba0-94ee059c7cc7@mtcc.com> you write:
> >If I'm a receiver who is going to be making some filtering decisions
> >based on ARC, I see that it passed by some authenticator along the way
> >which is fine, but my question is why I should trust that intermediary
> >in general?
>
> The short answer is that you shouldn't, any more than you should trust
> random DKIM signatures.
>
> This also means that ARC isn't useful if you don't have a reputation
> system to tell you where the lists and other forwarders that might add
> legit ARC signatures are.
>

On Sat, Nov 21, 2020 at 2:33 PM Michael Thomas <mike@mtcc.com> wrote:

>
> Or did I miss where ARC resigns the body? Or is there a tie in for ARC
> with the mailing list's resigned DKIM signature for the new message?
>

The ARC-Message-Signature (referred to as the AMS) includes a signature
over the newly modified message (headers & body) in a way very similar to a
DKIM-Signature. But this does not solve the problem of a malicious
forwarder that does a wholesale replacement of the (presumably) good
content with spam. That's were your own reputation and content analysis has
to come in.

--Kurt

v2.23.0 | Report a Bug | By Email