[dmarc-discuss] A bit quiet?
sklist at kitterman.com
Fri Oct 23 13:27:41 PDT 2015
On October 23, 2015 2:10:26 PM EDT, "J. Gomez via dmarc-discuss" <dmarc-discuss at dmarc.org> wrote:
>On Friday, October 23, 2015 4:07 PM, Scott Kitterman via dmarc-discuss
>> On October 23, 2015 1:48:13 AM EDT, Roland Turner via dmarc-discuss
>> <dmarc-discuss at dmarc.org> wrote:
>> > The question is not who you trust - ARC doesn't directly change
>> > that - but how you reliably automate determining whether the
>> > message was forwarded only by people that you trust. At present,
>> > you have to dig through Received: headers, infer per-forwarder
>> > internal structure and behaviour and, frequently, guess. ARC
>> > addresses that problem, not the one you're asking about.
>> I don't see why the signing domain of the DKIM signature that could
>> be added by the most recent sender doesn't already give an identifier
>> to use to evaluate trust in the sender.
>> I can see that ARC gives a way to communicate information about the
>> upstream senders, but I don't see how that's related to DMARC.
>> From a DMARC perspective, if you know the sender is trustworthy, you
>> do a local override. ARC doesn't seem to be needed for that.
>How do you know the sender is trustworthy, if the email he sends
>is failing a DMARC check?
>Is this ARC thing a mechanism to know when it is safe to ignore
>the sender's DMARC policy of "p=reject"? And if it is such, shouldn't
>it be part of the DMARC standard?
It's not. It's only useful when provided by senders you trust.
More information about the dmarc-discuss