Re: [dmarc-ietf] ARC vs reject

[Dotzero <dotzero@gmail.com>]

On Mon, Dec 7, 2020 at 12:30 AM Murray S. Kucherawy <superuser@gmail.com>
wrote:

> On Sun, Dec 6, 2020 at 9:24 PM Michael Thomas <mike@mtcc.com> wrote:
>
>> An idea that i've been rolling around in my head is that the MLM could
>> give a sed-like script to rollback the changes. since they know their
>> modifications, they can obviously express how to unmodify them. it may have
>> less issue with the mime hackery you were thinking about.
>>
>
> You'd need a way to assert, and then evaluate, that something equivalent
> to "s/.*/spam/g" is a transformation you're not willing to reverse and say
> "yep, we're good."  I don't know how you'd go about automating that.
>
>> But as far as your point about spam vectors it is surely just as true
>> about ARC, right? at least with recovering the original text i have the
>> ability to remove all of the transforms and deliver the original text.  ARC
>> not so much. it's all or nothing on the trust front.
>>
>> But I really think the key thing about all of this is figuring out what
>> defines success. That is the most important thing by far.
>>
> I think ARC, like PSD, is meant to run for a while and see what we've
> learned from it.  Maybe it's the silver bullet, or maybe it's ineffective
> complexity.  That should be part of the experiment's definition; Section 11
> of the ARC RFC does try to capture all of that.
>

I've asked here and in other places that validators/receivers consuming ARC
headers provide data regarding the results of such consumption. To date we
have not seen any data provided by participants in the ARC experiment. It
may be that ARC is a useful standard or it may not be. So far I'm seeing a
lot of supposition and speculation but no useful data for evaluation.

Michael Hammer