J.Gomez,
> Is this ARC thing a mechanism to know when it is safe to ignore
> the sender's DMARC policy of "p=reject"?
It helps in judging that, but isn't complete by itself (you still need a
reputation system for the intermediaries).
> And if it is such, shouldn't it be part of the DMARC
Scott,
> So the idea is that arbitrary data added from an untrusted sender
> (unknown reputation) is sufficient to override DMARC p=reject?
No, that isn't the idea at all.
It is up to the receiving service to decide how to handle the ARC information,
but the guidance is not to simply accept
Scott,
> As described in the drafts, the ARC stamp is applied by the
> intermediary, not the originator, so I don't think that works.
Yes, but the intermediaries had to sign their ARC seal, and thereby identify
themselves in a non-forgeable way.
> Even if it did, it's still just another
On Fri, Oct 23, 2015 at 9:54 PM, Scott Kitterman via dmarc-discuss
wrote:
>>ARC should be helpful in that perhaps non-exotic situation.
>
> Could be. I certainly don't claim it's not potentially useful. My concern
> is that it seems to be marketed as a solution to the
Shal wrote:
> By allowing greater automation and accuracy in identifying
> intermediaries ARC may benefit the little guys the most - you
> won't as likely be lost in the noise because the receivers will
> be more likely to track the reputation of each and every ARC
> participant they receive
Al Iverson wrote:
> From my own perspective, I'm unclear on how well this will work. I
> assume the chain process is based on addressing anything thrown at at
> it; mailing list posts going through mail forwarding; ARC on both
> would in theory keep authentication intact and prevent p=reject