[Mailman-Users] ARC, was non-subscribers getting through--email address in "Real Name"
Stephen J. Turnbull
turnbull.stephen.fw at u.tsukuba.ac.jp
Mon Jul 23 01:02:23 EDT 2018
Grant Taylor via Mailman-Users writes:
> I'm questioning why domains that do use ARC headers that don't run
> mailing lists should not be white listed.
You're misunderstanding. The ARC community doesn't discourage
whitelisting other sites. The work to do whitelisting does. Mailing
lists are *known* to *frequently* (almost always) break DKIM
signatures in a way amenable to repair by ARC.
The other main pain points for DMARC are third-party services that are
authorized by the owner of a mailbox to send mail "on behalf of",
without participation of the adminstrator of the mailbox's domain. An
example is invoicing services. These do not benefit from ARC *at all*
because they have a valid DKIM signature from the originating domain,
who can be trusted for that service, but don't get such a signature
from the mailbox's domain as required for DMARC From validation.
The other *possible* use case for ARC would be non-mailing list
forwarding. But these almost never break the DKIM signature of the
originator. I guess large services like GMail can eventually add a
feature where a user can configure GMail to recognize and whitelist
specific sites where they have mailboxes set to forward to GMail. But
I doubt this will ever be a standard feature of MDAs. It will be
complex and fragile to implement, and almost never used.
 Note that I disagree somewhat with John. I suspect that
humongous providers like GMail, Yahoo!, and Microsoft will
automatically accept ARC in the presence of a RFC 2369 List-* header,
and blacklist on bad behavior, as they do now. That's not perfect
from a list admin's point of view---it requires a lot of resources to
do that well, so small sites probably won't---but it's not too bad.
More information about the Mailman-Users