On Fri, Aug 11, 2017 at 5:50 PM, Bron Gondwana <br...@fastmailteam.com>
wrote:

>
> Again - why seal on ingress?  It's bogus.
>
> * check authentication on ingress
> * add authentication on egress
>
> That's the pattern that means something and works.  Otherwise your
> internal mechanisms are going to have to be either ARC aware anyway, or
> you'll have to fix up ARC anyway.
>

As long as your method of communicating the ingress auth check survives the
transit of your internal infrastructure (which A-R does not necessarily do
as a result of some brain-dead gateway implementations), I agree. Sealing
on ingress is one such way to provide that communication from ingress point
to egress point but is a bit noisy to do so.

--Kurt
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
