On Mon 21/May/2018 18:24:13 +0200 Ken O'Driscoll via dmarc-discuss wrote: > On Mon, 2018-05-21 at 09:29 -0600, Pete Holzmann via dmarc-discuss wrote: >> QUESTIONS: >> 1) Is anyone working to solve these issues? >> 2) Has there been consideration of a forwarding token that could validate >> all such emails > > Take a look at the work being done on Authenticated Received Chain (ARC) - > http://arc-spec.org/ > > ARC breaks DMARC in those use cases where authenticated email is then > forwarded on to another mailbox provider in a way which invalidates DMARC. > Basically, it achieves this by including the previous DMARC authentication > results in the message so that the receiver can then make more a informed > filtering decision which is not solely based on the original domain's DMARC > policy.
Until then, a simple forwarding —refraining to append any disclaimer or virus scanning notice to the body of the message— would not break DKIM signatures and hence leave DMARC authenticity intact. That is exactly the problem that DKIM was designed to solve, to overcome the fact that SPF breaks forwarding. ARC will allow message modifications. However, it will require that Google/Apple/etc recognize SomeCo as a trusted forwarder, in order to believe reported authentication results. Finally, user+al...@dom.ain is not standard. Not all MTAs support it, and some support it with a different syntax (for example, user-al...@dom.ain in Courier-MTA). Best Ale -- _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
