[dmarc-discuss] A bit quiet?

J. Gomez jgomez at seryrich.com
Mon Oct 26 13:52:08 PDT 2015

On Monday, October 26, 2015 7:52 AM [GMT+1=CET], Roland Turner via dmarc-discuss wrote:

> J. Gomez wrote:
> > How do you know the sender is trustworthy, if the email
> > he sends is failing a DMARC check?
> This question is an operational one that is out of scope for a
> protocol specification whose purpose is to facilitate interoperation
> of mechanisms (software). Operators will always make their own
> decisions about who to trust.   
> > Is this ARC thing a mechanism to know when it is safe to ignore
> > the sender's DMARC policy of "p=reject"? And if it is such,
> > shouldn't it be part of the DMARC standard?
> ARC is still an experiment, working out whether it should pass
> through IETF as part of DMARC or as a separate specification is
> probably a little premature at this moment. I'd suggest that there
> are arguments both for and against doing so.

Thanks for your answers.

You seem knowledgeable about ARC, so please bear with me...

Let's consider this scenario of a mail flow:

user1 at yahoo.com --> list-of-ponies at maybe-we-are-evil.com --> user2 at i-host-email.com

Where both user1 at yahoo.com and user2 at i-host-email.com are subscribers to the mailing list "List of Ponies".

And let's agree on the axiom that if a user has subscribed to a mailing list, then that user wants the messages from that mailing list to land on his Inbox.

If the postmaster at i-host-email.com is checking DMARC in incoming email, and if yahoo.com is publishing p=reject, that postmaster now has the problem of how to make sure that messages which user1 at yahoo.com has sent to list-of-ponies at maybe-we-are-evil.com arrive successfully to the Inbox of user2 at i-host-email.com, in a safe and automated way. I.e., that postmaster now has the problem of how to override DMARC in a safe and automated way.

And now, lets agree on a second axiom: if that postmaster would normally accept direct messages from user1 at yahoo.com to user2 at i-host-email.com, the idea would be that he would also accept messages from list-of-ponies at maybe-we-are-evil.com to user2 at i-host-email.com if a positive verification could be made about whether said messages had really originated from user1 at yahoo.com.

The question I have is: Can ARC help that postmaster with doing such a verification? (Yes/No)


More information about the dmarc-discuss mailing list