[dmarc-discuss] A bit quiet?

Shal Farley shalf at CheshireEng.com
Mon Oct 26 02:29:31 PDT 2015


Roland wrote:

> - Forwarders who are large enough to be monitoring deliverability can 
> trivially determine whether their ARC-signing is being successfully 
> validated and/or when receivers trust them enough to accept messages 
> despite failing DMARC.

I see how that is possible when the forwarder has taken "ownership" of the message by putting their own domain in the From, but if they do ARC signing without taking ownership how do they know anything about the receiver's authentication results? I missed any reference to the intermediaries getting reports.

> - Hopefully groups.io is already monitoring deliverability. If not, then 
> they should probably keep their workarounds in place for the foreseeable 
> future.

Alas, that's beyond my level of knowledge. As evident from the preceding question.

>> Now it is also true that the service can't know which receiving domains implement
>> DMARC processing, except by way of public announcements or user complaints of
>> non-delivery.
>
> This is not entirely correct. DMARC aggregate reports and 
> Authentication-Results: headers both make clear whether (a) a receiver 
> is implementing DMARC and (b) validation is succeeding.

Yes, but those reports go to an address specified by originator's DNS records, as I understand it. Not to the intermediary, unless the intermediary becomes the originator by putting their own domain in the From: of the message. 

-- Shal



More information about the dmarc-discuss mailing list