spf helo pass

Felix Zielcke fzielcke at z-51.de
Fri Dec 31 07:38:24 UTC 2021

Am Donnerstag, dem 30.12.2021 um 17:07 -0500 schrieb dovecot at ptld.com:
> > On 12-30-2021 10:35 am, Felix Zielcke wrote:
> > 
> > But dovecot mailing list uses ARC Headers.
> > And they seem to verify for me (using rspamd)
> I have not fully studied ARC, but from briefly looking isn't ARC just
> a way for the sending server to attest to the email it is relaying as
> being legit? So if the sending server is a spam server couldn't it
> lie and claim the mail is legit? If that is the case I'm not sure
> what the point of ARC is, how does it prevent fraud? Its like asking
> a liar if they are lying and taking their word for it. And i assumed
> this is why ARC never really took off.

Spam senders can setup valid SPF + DKIM too.
The only difference is a malicous relay could make ARC headers for e.g.
microsoft.com even though DKIM didn't pass. So yeah you need more trust
with ARC.
But I think you can trust the dovecot mailing list server.

More information about the dovecot mailing list