Re: [dmarc-ietf] A policy for direct mail flows only, was ARC questions

Michael Thomas <> Wed, 25 November 2020 20:37 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 94AFC3A1CA9 for <>; Wed, 25 Nov 2020 12:37:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.651
X-Spam-Status: No, score=-1.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id WbwjveOI6T_t for <>; Wed, 25 Nov 2020 12:37:40 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::532]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C84843A1CB1 for <>; Wed, 25 Nov 2020 12:37:38 -0800 (PST)
Received: by with SMTP id t21so3447112pgl.3 for <>; Wed, 25 Nov 2020 12:37:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=9DmZ9DgQwgVOcJzyl4hBlH5T/HdZntglJg9UNZWdebg=; b=o2luRFrsvN1WS9HPh3m86tJQ1dM0tAtf8DslnqaulULfEuNzYUv8a6AaTn44OgSMwn VI7zk+8X/LkLYH9mm8jife+TXiSjKnoDok0WnuZVSjw+Qaghs+sIZdXRTH1XPavUq8vw jqjgktG1u09dtifYkQG4u8xpft2Jyo0rp+PFUfYHvbJgC5J43xal4js1/osVie+VHOYq dmdJ8L5RABl6dQtehHaaVXSuZj2ztKyXfqHUak9kd4fRDr7lu132n7Ja9IotVH2v0NXq fxp2+bPjVhWCPX6ZRza0IK+5KJSugSB73bEdgV7IoHTMuBOtTg7IA/Som/Qly0XRwq3s Jclg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=9DmZ9DgQwgVOcJzyl4hBlH5T/HdZntglJg9UNZWdebg=; b=muRyw3P2fzGMI7rjmdZ1kFI+wSGTET24ZNzGV8r1229C7KhcDej6nxWmlAVVF2jlfk +GV3QZ95njDpbowDJmxmbj9PMakRlVt1J5DUeJJDa5nGa2vt0Z0dqsJ6+rQCTdROMNfw /FiezQQK1A+O3Z9gDbl9ydDlNZmsDFGZ/AbxGr7afQWqH7n7c98hk7Dt96adJAMeDW7S q1qCv49mQwzygkkk0FixILXjS75kayYP+LZJ1qP3DcbmnoDex6cmPHsn+06Jbhn62dIs iakPz6Fesb/3sUYeKXzVcoiHLf7Azz6rEZTEU2S0o54JOtTZj103fLqA/MPJGeAjZerg J2Aw==
X-Gm-Message-State: AOAM530Ep/Izg1Kk2l5cy87guOR/bDnwstZHV9IbDWgFnh7DIMP8orE6 mOW4UXu5JBo9lTJtIfPXMD8Sazs/R5WCJA==
X-Google-Smtp-Source: ABdhPJwiCRpqiCIShRXmCpiOcCEZaKU6VNUCKzd6cxuK3UJcmpw+PP/bQrA9o0N0AWER0uwhWf15Vw==
X-Received: by 2002:a65:56c8:: with SMTP id w8mr4401869pgs.383.1606336657845; Wed, 25 Nov 2020 12:37:37 -0800 (PST)
Received: from mike-mac.lan ( []) by with ESMTPSA id k23sm2682496pfk.50.2020. for <> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 25 Nov 2020 12:37:36 -0800 (PST)
References: <e9166148b9564102a652b4764b4f61ff@com> <> <> <> <rpmeva$10ql$>
From: Michael Thomas <>
Message-ID: <>
Date: Wed, 25 Nov 2020 12:37:35 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.5.0
MIME-Version: 1.0
In-Reply-To: <rpmeva$10ql$>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <>
Subject: Re: [dmarc-ietf] A policy for direct mail flows only, was ARC questions
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 25 Nov 2020 20:37:42 -0000

On 11/25/20 12:31 PM, John Levine wrote:
> In article <>om>,
> Michael Thomas  <> wrote:
>> When I was at Cisco, with l= and some subject line heuristics I could
>> get probably like 90+% verification rate across the entire company, a
>> company that uses external mailing lists a lot. Definitely not 100% though.
> I think you will find that at very large mail systems like gmail and
> Microsoft and Yahoo, 90% might as well be 0%. The volume of errors is
> just too high and the number of complaints would be impossible.
> While I almost never see the sort of spam leakage through mailing lists
> that Brandon reports, I believe him when he says it's enough of a problem
> that Gmail can't just whitelist traffic from mailing lists.

Not everything is service provider. We were investigating this from an 
enterprise standpoint.

And if you can't trust mailing traffic from providers what is the point 
of ARC?