[dmarc-discuss] A bit quiet?
jgomez at seryrich.com
Mon Oct 26 13:52:08 PDT 2015
On Monday, October 26, 2015 7:52 AM [GMT+1=CET], Roland Turner via dmarc-discuss wrote:
> J. Gomez wrote:
> > How do you know the sender is trustworthy, if the email
> > he sends is failing a DMARC check?
> This question is an operational one that is out of scope for a
> protocol specification whose purpose is to facilitate interoperation
> of mechanisms (software). Operators will always make their own
> decisions about who to trust.
> > Is this ARC thing a mechanism to know when it is safe to ignore
> > the sender's DMARC policy of "p=reject"? And if it is such,
> > shouldn't it be part of the DMARC standard?
> ARC is still an experiment, working out whether it should pass
> through IETF as part of DMARC or as a separate specification is
> probably a little premature at this moment. I'd suggest that there
> are arguments both for and against doing so.
Thanks for your answers.
You seem knowledgeable about ARC, so please bear with me...
Let's consider this scenario of a mail flow:
user1 at yahoo.com --> list-of-ponies at maybe-we-are-evil.com --> user2 at i-host-email.com
Where both user1 at yahoo.com and user2 at i-host-email.com are subscribers to the mailing list "List of Ponies".
And let's agree on the axiom that if a user has subscribed to a mailing list, then that user wants the messages from that mailing list to land on his Inbox.
If the postmaster at i-host-email.com is checking DMARC in incoming email, and if yahoo.com is publishing p=reject, that postmaster now has the problem of how to make sure that messages which user1 at yahoo.com has sent to list-of-ponies at maybe-we-are-evil.com arrive successfully to the Inbox of user2 at i-host-email.com, in a safe and automated way. I.e., that postmaster now has the problem of how to override DMARC in a safe and automated way.
And now, lets agree on a second axiom: if that postmaster would normally accept direct messages from user1 at yahoo.com to user2 at i-host-email.com, the idea would be that he would also accept messages from list-of-ponies at maybe-we-are-evil.com to user2 at i-host-email.com if a positive verification could be made about whether said messages had really originated from user1 at yahoo.com.
The question I have is: Can ARC help that postmaster with doing such a verification? (Yes/No)
More information about the dmarc-discuss