On 2021-12-31 08:38, Felix Zielcke wrote:
Spam senders can setup valid SPF + DKIM too.
most fail to understand spf helo pass :)
The only difference is a malicous relay could make ARC headers for e.g. microsoft.com even though DKIM didn't pass. So yeah you need more trust with ARC.
you still would just verify original sender via dmarc validating through dkim,spf,arc chains
if maillist all did the arc seal/ arc sign, before thay break dkim, then its still possible to verify orginal sender trust, bingo
its just sad nearly all make it worse by dkim sign all forwarded mails, thay miss the dkim private key mostly to do this, no ? :=)
But I think you can trust the dovecot mailing list server.
exactly why i started debate on spf helo pass
hope all fellows get it why