Re: [dmarc-ietf] ARC vs reject

"Murray S. Kucherawy" <> Mon, 07 December 2020 05:05 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A30FB3A0FF7 for <>; Sun, 6 Dec 2020 21:05:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id NouQfGjcau7g for <>; Sun, 6 Dec 2020 21:05:43 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::92a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EF3373A0FF9 for <>; Sun, 6 Dec 2020 21:05:42 -0800 (PST)
Received: by with SMTP id 4so2747337uap.8 for <>; Sun, 06 Dec 2020 21:05:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=fhnFO/AgiUnpVe/kOO8qr/fk5V+Vs0bVv0iWqS3BYVI=; b=jadrq3AB37JCbJXswUloJ6MVD3Ot3oXn16Ha9Nii0uW3CnIE3bsVfCj0O58BKBk+kd Df0aNehAnc1pawYS6QX4QoOJ5MVQYgzG4iEWc7Kehz6lzmjhSkUoz6mL29Mdf/LqWWgG BAl/lzJBBV1Gx/xgFHXPmcSo/VKZFda8J4zqGvQUu+rAmip37zQS4mzskrDnvLfag2Jw gJlJCJ3XSS5/mXDql3kBUtbFo8c/x+cIxiQtE5G3j9NgRh2dpUDimqz6V2Lzk405v0An eD5hNhz9959E0lHaIYVqYx9aeQOpDOBNLBax8r4QM4XLwfqR/i/yonTPZNTD33SP9+W9 TjEA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fhnFO/AgiUnpVe/kOO8qr/fk5V+Vs0bVv0iWqS3BYVI=; b=i3twO/Mg5vbLxGCNr4JwRf6WGy8mYZ//dgELaTMfldVCRRPUUckAN9CGCGEOo6eZtc cKzw77eq2UpgykygrrKSqz5HwgwpIY9dQlo1buSblBujYpYZMLhc0heTUzFEO2ZKDPdJ /Ik4Rwu/6CgZ6F3PlRzKK0N3nLMI+jFMCvzw6uPxNWk+vQ2ysfDV/wM77StIwHjYSc2n 8c0vABhkHPFWUwT7s1SKHcYL61rxmOA+vhh3xZoJaHEQNt+AM1BzSoOje4mt6TlaFid6 QG56wl8xSNV0ee3TKXknM+TZZXFg4886weev3srWy3mMQBccQ307ajdq0xse+EpcknoC flLQ==
X-Gm-Message-State: AOAM532LgLAUyDpAp2V5T5HLm5LMd9i0ZG2MXVvW3gdRK8CX/oHxinG4 5qxlOjwgEXA00m2DHsEyK951/PJ0VnPAjyejdao2zIFN
X-Google-Smtp-Source: ABdhPJxIYzgW20RFDvjwBR2sJGtdI/gHLH8WEIoS1zyCxZVL9BJM2HoikuXWPH/q/ClYTTUsEDVW0dCc/KYTOV+yKNo=
X-Received: by 2002:ab0:2109:: with SMTP id d9mr10668059ual.76.1607317541745; Sun, 06 Dec 2020 21:05:41 -0800 (PST)
MIME-Version: 1.0
References: <20201205210351.DB78E2904420@ary.qy> <> <> <> <> <> <>
In-Reply-To: <>
From: "Murray S. Kucherawy" <>
Date: Sun, 6 Dec 2020 21:05:29 -0800
Message-ID: <>
To: Michael Thomas <>
Content-Type: multipart/alternative; boundary="0000000000001df86705b5d8c7f2"
Archived-At: <>
Subject: Re: [dmarc-ietf] ARC vs reject
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 07 Dec 2020 05:05:45 -0000

On Sun, Dec 6, 2020 at 11:02 AM Michael Thomas <> wrote:

> Based on the work I did at Cisco 15 years ago which essentially was a
> heuristic based form of those two drafts, I found that it worked for
> about 90 some percent. I unfortunately do not know what the nature of
> the remaining messages that could not be recovered (either I never did
> the analysis or don't remember). Things may have changed some since
> then, but that was what we got for the entire mail stream of a large
> company. Is that "good enough"? Or better yet, what is the definition of
> "good enough"?

A counter-argument I've heard often to the idea of reversible
transformations is that it can become a spam vector, no different than the
argument against "l=".  For instance, if we start chopping off typical list
signatures ("delete everything at and after the lowest line containing only
hyphens"), then I can take a message from a good actor, tack a spam list
signature onto it, claim I'm an MLM, and it'll still pass with the author
domain signature when it gets delivered downstream, though the spam will
still be there.

Another is that it's not actually easy to describe all or even most of the
mutations an MLM might make to a message.  (Mailman sent me the list of
changes they might make to a message.  It's not a small list.)

Yet another is that two different MLMs might implement MIME-izing actions
ever so slightly differently, yet both results are fully compatible with
MIME and indistinguishable when rendered by most MUAs.

So in the limit, this comes down to defining a set of transformations
everyone agrees are allowed, and then all MLMs and filters implementing
exactly those and no more.  There doesn't seem to be much of an appetite in
the community for this path.