Re: [dmarc-ietf] From: munging, was Ratchets - Disallow PCT 1-99

Douglas Foster <> Sun, 25 July 2021 17:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6ED203A32D9 for <>; Sun, 25 Jul 2021 10:28:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id nVHUUgjVLEpG for <>; Sun, 25 Jul 2021 10:28:25 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::32b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 077FA3A32D8 for <>; Sun, 25 Jul 2021 10:28:24 -0700 (PDT)
Received: by with SMTP id v8-20020a0568301bc8b02904d5b4e5ca3aso6739016ota.13 for <>; Sun, 25 Jul 2021 10:28:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mlbltPa0d4xAzAE+TP7h1p8vbwAHxPCXD4JN2k0/vTs=; b=M3FDxCqJivoU+dwIflFVWnTd9KpupC6qGFl2UiMtNrRT/uT/IAZnvs/ojRJcC8d2MJ hZIyoruF+/1A7d/SRizTh2R6dMwKFZ3jEmgHZSLizK8ShrVhigf08NiPom6nnBWzUhD5 MUeCCKkBf7+oJaGFFH8apsIBNGtgpKjl5x7A9eNAP3RutpWtUDvzpd0y7tJqUteRK/gS ReErX5iP+6qRBkPrK5FC0h2+njdPpPpyWF+DKpwQhwV6KPa2hViuw+K/RM+wdIjDQQ83 F6xvA8NOpQ6YiNDmQ/b7Q2o2+FY5eNGRzmmBz8m5uXS4+q1jVQyHe9J2hBaKU9pC+RA8 MWew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mlbltPa0d4xAzAE+TP7h1p8vbwAHxPCXD4JN2k0/vTs=; b=QIp9WkenW3E9bapK6f9rn/dnhqg5EtNpEvy5HomxmEjyb0BwrmNWxzsQZ5+nAZSQuB QFZ++THjHIl39ElTfvlgIuyQMvrD3kSKaX5cOz5APv+4vVNIlzVwh7chYnh1ECVs1PMj vpcxPkDyV/gKwrsphxYsMGXVSmBEAW0ehde45/loYY77aIS0UMcjWHhQv5ydZ2JQsu0B lv/9iTXCYhM6QdBjtcHt7L/UNZAJVa5rwFyY1hExmKf/Oz44ji+su/JycEOVc0+g54rw qEQZzrlC1v1VeyppRwNNPnspBXMd7cI1Tdvts7nssLiH+fVStlBX++uyCxFSAHcm2OxJ nPiQ==
X-Gm-Message-State: AOAM530YWHTzIeUhfJqFP3Am0O42CXQa0FqOyhWSTzrzhaUsPcKfocBb IZrWf70e+T9gcG2FjP4WfTRQYwDKz2UJLbyE+9/TqaQANnk=
X-Google-Smtp-Source: ABdhPJzIqKu+eK+h6Na344Fo6VGvivx/WTZt7A65DIcgsbS+xeKnSQG3jaKCvl8PSYl2IVZ601obnKnfrJBkMNYm9AQ=
X-Received: by 2002:a9d:6f84:: with SMTP id h4mr9778869otq.240.1627234102796; Sun, 25 Jul 2021 10:28:22 -0700 (PDT)
MIME-Version: 1.0
References: <20210722185106.15C9F24DEDF0@ary.qy> <> <> <> <> <>
In-Reply-To: <>
From: Douglas Foster <>
Date: Sun, 25 Jul 2021 13:28:12 -0400
Message-ID: <>
To: Alessandro Vesely <>
Content-Type: multipart/alternative; boundary="000000000000a9e6c305c7f5f6f2"
Archived-At: <>
Subject: Re: [dmarc-ietf] From: munging, was Ratchets - Disallow PCT 1-99
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 25 Jul 2021 17:28:27 -0000

> Ale said:
"ARC is not a part of DMARC, despite the acronym being a substring."

Is this really true?  Some time ago, the chairs said that ARC was the
candidate solution to the mailing list problem, and that DMARCbis would not
fly without a mailing list solution.  More recently, we seem to be
proceeding with a plan to leave the based design of DMARCv1 untouched, with
all of its limitations.   So perhaps the politics have changed.

I have tried to fall in love with ARC, without success.   I have not seen
anyone describe an algorithm for parsing an ARC chain to draw a
conclusion, although the effort seems to require an extraordinary amount of
software development and processing effort.  Having the outlines of this
algorithm seems important, if we expect both implementers and evaluators
for ARC.

But even with an algorithm, the goal seems elusive.  Since any liar can
start an ARC chain and insert a set of unverifiable A-R assertions, it
seems that trusting an ARC set requires prior knowledge of whom to trust,
and when that information is available, ARC chain evaluation becomes

Doug Foster