Scott, > So the idea is that arbitrary data added from an untrusted sender > (unknown reputation) is sufficient to override DMARC p=reject?
No, that isn't the idea at all. It is up to the receiving service to decide how to handle the ARC information, but the guidance is not to simply accept it carte-blanche in that way. Particularly in the case of a null reputation the disposition of the message would most likely rest on whatever evaluation the receiver would have made had there been no ARC info.[1] A quick read of the draft specification and/or recommended usage document is a worthwhile investment of your time if you want to understand the proposal. http://arc-spec.org/ -- Shal [1] 3.6 What if none of the intermediaries have been seen previously? https://tools.ietf.org/html/draft-jones-arc-usage-00 _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
