[dmarc-discuss] A bit quiet?

Roland Turner roland.turner at trustsphere.com
Mon Oct 26 22:53:45 PDT 2015


J. Gomez wrote:

> You seem knowledgeable about ARC, so please bear with me...

More about the problem being solved (I had reason to attempt this with Received: headers years ago) than about ARC specifically but, yes, I've read the draft and it makes sense to me.

> user1 at yahoo.com --> list-of-ponies at maybe-we-are-evil.com --> user2 at i-host-email.com
....
> the idea would be that he would also accept messages from
> list-of-ponies at maybe-we-are-evil.com to user2 at i-host-email.com
> if a positive verification could be made about whether said messages
> had really originated from user1 at yahoo.com.
>
> The question I have is: Can ARC help that postmaster with doing such a verification? (Yes/No)

Not quite as you've worded it: ARC processing doesn't provide verification of where a message really originated from (yahoo.com in this case), instead it potentially[1] allows a receiver to determine with reasonable certainty who modified it (maybe-we-are-evil.com in this case). With that information the receiver is in a position to make a local decision about whether to ignore the p=reject failure based upon reputation data accumulated by the receiver about the modifying party.

- Roland

1: So long as the modifying party performed ARC signing correctly.


More information about the dmarc-discuss mailing list