[dmarc-discuss] A bit quiet?
roland.turner at trustsphere.com
Mon Oct 26 22:53:45 PDT 2015
J. Gomez wrote:
> You seem knowledgeable about ARC, so please bear with me...
More about the problem being solved (I had reason to attempt this with Received: headers years ago) than about ARC specifically but, yes, I've read the draft and it makes sense to me.
> user1 at yahoo.com --> list-of-ponies at maybe-we-are-evil.com --> user2 at i-host-email.com
> the idea would be that he would also accept messages from
> list-of-ponies at maybe-we-are-evil.com to user2 at i-host-email.com
> if a positive verification could be made about whether said messages
> had really originated from user1 at yahoo.com.
> The question I have is: Can ARC help that postmaster with doing such a verification? (Yes/No)
Not quite as you've worded it: ARC processing doesn't provide verification of where a message really originated from (yahoo.com in this case), instead it potentially allows a receiver to determine with reasonable certainty who modified it (maybe-we-are-evil.com in this case). With that information the receiver is in a position to make a local decision about whether to ignore the p=reject failure based upon reputation data accumulated by the receiver about the modifying party.
1: So long as the modifying party performed ARC signing correctly.
More information about the dmarc-discuss