For our usage, we still consider dmarc=fail, and then include the actual disposition (dis=) in the comments in the auth-res header. In the xml rua report, we would then specify in the PolicyEvaluatedType the actual disposition and the PolicyOverrideType of local_policy with a comment saying arc=pass.
This is all said explicitly in draft-ietf-dmarc-arc-protocol-08 9.6.2, though it does this with the fragment of the dmarc report instead of in text. We could expand this to something like... ARC is not used in DMARC evaluation, the DMARC result is independent of ARC. ARC can be used by a receiver to override the Domain Owner's policy and apply a different disposition from what they asked for. In that case, it should be reported as a DMARC fail with a PolicyOverrideType of local_policy. Brandon On Tue, Aug 15, 2017 at 11:42 AM, Dave Crocker <dcroc...@gmail.com> wrote: > G'day. > > ARC is motivated by a desire to deal with a class of DMARC failures. In > that context, it can be seen as 'augmenting' DMARC, even though it is > formally separate from DMARC. That is, ARC doesn't and shouldn't specify > how ARC is used in a DMARC context. But there needs to be some > understanding -- and I suspect a spec, somewhere, eventually -- that says > how to integrate ARC into an engine that includes DMARC. > > BTW, the DMARC spec uses the terms 'pass' and 'fail' with respect to the > underlying authentication mechanisms of DKIM and SPF. It also uses it > within the context of DMARC processing, itself, but it does not define what > those terms mean, in that context. Beyond reference to DMARC 'policy' > records, text in the specs that talk about processing DMARC policy is > similarly implicit, rather than explicit. The only clear, explicit > directive about DMARC outcomes seems to be Section 6.6.2 #6, Apply policy. > > An example of possible confusion in the case of ARC: does DMARC still > 'fail'? Yet the whole point of ARC is to create the possibility of still > getting delivered, in spite of this. > > So, were one to write something to augment the DMARC spec, in support of > ARC, what are the kinds of text one ought to formulate and how should they > be linked to the DMARC spec? > > d/ > > > -- > Dave Crocker > Brandenburg InternetWorking > bbiw.net > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc