G'day.
ARC is motivated by a desire to deal with a class of DMARC failures. In
that context, it can be seen as 'augmenting' DMARC, even though it is
formally separate from DMARC. That is, ARC doesn't and shouldn't
specify how ARC is used in a DMARC context. But there needs to be some
understanding -- and I suspect a spec, somewhere, eventually -- that
says how to integrate ARC into an engine that includes DMARC.
BTW, the DMARC spec uses the terms 'pass' and 'fail' with respect to the
underlying authentication mechanisms of DKIM and SPF. It also uses it
within the context of DMARC processing, itself, but it does not define
what those terms mean, in that context. Beyond reference to DMARC
'policy' records, text in the specs that talk about processing DMARC
policy is similarly implicit, rather than explicit. The only clear,
explicit directive about DMARC outcomes seems to be Section 6.6.2 #6,
Apply policy.
An example of possible confusion in the case of ARC: does DMARC still
'fail'? Yet the whole point of ARC is to create the possibility of
still getting delivered, in spite of this.
So, were one to write something to augment the DMARC spec, in support of
ARC, what are the kinds of text one ought to formulate and how should
they be linked to the DMARC spec?
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc