Re: [dmarc-ietf] ARC vs reject

John R Levine <> Sun, 06 December 2020 04:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 24FB93A0CD2 for <>; Sat, 5 Dec 2020 20:14:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key) header.b=Y30AboJ2; dkim=pass (2048-bit key) header.b=I5gD9Mh0
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Bq6J1cQvFHHf for <>; Sat, 5 Dec 2020 20:14:21 -0800 (PST)
Received: from ( [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1FE813A0CD1 for <>; Sat, 5 Dec 2020 20:14:20 -0800 (PST)
Received: (qmail 57211 invoked from network); 6 Dec 2020 04:14:19 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple;; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:content-id; s=df79.5fcc5a9b.k2012;; bh=+xlxFxSzRRT1pqXaq6Pp6jl9nb+C4qyBtwuquPYXBl4=; b=Y30AboJ2PGt7YmbZs6efroU/1h90u95Pb9v+biKJXz9L2re28Q2FSwvwDit8XM7xpNxJdqWV+h6Ts2vT2Czy0f2n0aTqQZC/8uoUYj5BfABkHKn8fI+XZ5P7O8dnbRZ7+C8Du5zgEhNzpxF+haiWij5v1FG8UKNinotb9pBrUqUDeakZU1Pvw7OB+9xkhPkeOSAX4YiAgRZb9XDxnYXIpnnI/FM8wkWxPOsjVrWBXGuo+3gBUoTG5so5wqg2N5qmaV4Wbi421ySduyKk/1UAFwTm1954P5jF5paIewSRhTgpJolWs/vwE8xuLWtCRfnqO24tLWl3+YmFrnkWYi04SQ==
DKIM-Signature: v=1; a=rsa-sha256; c=simple;; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:content-id; s=df79.5fcc5a9b.k2012;; bh=+xlxFxSzRRT1pqXaq6Pp6jl9nb+C4qyBtwuquPYXBl4=; b=I5gD9Mh0sl6gk3uqmGwfT0uz5Q3itEz1ym0VWFY48+1Q3nQlt6LwBLu199HK9rrxXddnmVWqF+yIedNOwJmQSIkYnJ6aGizqi4fEQ74+FuYligYWOIcIhASBP1nChJeSXJfI2YpVvqAL0QvUyvf1BkD7faiXTOxmEQKljBfDSgVpwVRUb6eXffvUBNJlh+nPPa5R632OrmT+vxvQ3lL3w5/2ZKqrbiU5vOVEXc0Thfxw71AdiMcBueQVnZCYqmPC8TlBoskXn85ywFUaNe8Z5S368eRaMmHFQ3/3q7enZVJPWtmrRwoxOUJBCnEOAjIcmcAUcpc84SJ3g7yizckudQ==
Received: from localhost ([IPv6:2001:470:1f07:1126::78:696d:6170]) by ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPSA (TLS1.3 ECDHE-RSA AES-256-GCM AEAD, via TCP6; 06 Dec 2020 04:14:18 -0000
Date: 5 Dec 2020 23:14:18 -0500
Message-ID: <>
From: "John R Levine" <>
To: "Jim Fenton" <>
In-Reply-To: <>
References: <20201205210351.DB78E2904420@ary.qy> <> <> <>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-220286709-1607227744=:47280"
Content-ID: <>
Archived-At: <>
Subject: Re: [dmarc-ietf] ARC vs reject
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 06 Dec 2020 04:14:23 -0000

On Sat, 5 Dec 2020, Jim Fenton wrote:
>> Of course not.  That's just the tiny gorillas stamping their teensy feet. 
>> Why would anyone expect that the people publishing that flag actually 
>> understood what it meant?  Many will just turn it on because someone said 
>> it's "more secure."
> FWIW, I don’t think a lot of the people publishing p=reject understood the 
> implications of that, either. This is not significantly more arcane.

Then I think we agree.  There's no difference from p=reject and 
p=reject-I-really-mean it.

> ... If the recipient domain accepts modifications by zero-reputation 
> intermediaries (because there are so many of them, after all)

I wouldn't call that a reasonable implementation of ARC.  The set of hosts 
that are likely to send you mail with interesting ARC chains is relatively 
small, and I don't think it changes very fast.  Most of the hosts that 
send you non-spam mail aren't going to send you mail that needs ARC.

If you're setting up a new mailing list host or forwarder, getting 
yourself into whatever whitelists people use will be somewhat painful but 
there's nothing new about that.

> I’d be interested in other opinions on this. Or whether this is a fundamental 
> problem with ARC.

I'd certainly be interested in hearing how people plan to compile and 
maintain their lists of ARC-worthy hosts.

John Levine,, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.