Scott, > If I trust the sender enough to override DMARC policy results, what more > does ARC add?
A subtle, but important thing it adds is the identity of the bad actor. That is, in order to forge an ARC result the intermediary had to be in the DNS system with the relevant ARC information provided. So if you are maintaining a reputation system it becomes harder for the bad actors to escape a bad reputation. And much harder for bad actors to give good actors a bad reputation by using a good actor's name. > I thought we'd already discussed the idea of the non-scalability of > whitelists to death. Absent a trusted sender whitelist, what can you do > with ARC? The recommended usage document addresses some of this. http://arc-spec.org/ But the bottom line is: not magic, just chain of custody. When a message fails DMARC you can use ARC to feed your own classifier for whether to obey a p=reject. -- Shal
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)