I'm on the same page as Brandon. Additionally, earlier on the list and also in Prague, it was discussed formalizing DMARC reporting for ARC in a separate document, which would extend/override 9.6.2 of the current spec.
On Tue, Aug 15, 2017 at 3:18 PM, Brandon Long <bl...@google.com> wrote: > For our usage, we still consider dmarc=fail, and then include the actual > disposition (dis=) in the comments in the auth-res header. In the xml rua > report, we would then specify in the PolicyEvaluatedType the actual > disposition and the PolicyOverrideType of local_policy with a comment > saying arc=pass. > > This is all said explicitly in draft-ietf-dmarc-arc-protocol-08 9.6.2, > though it does this with the fragment of the dmarc report instead of in > text. > > We could expand this to something like... > > ARC is not used in DMARC evaluation, the DMARC result is independent of > ARC. ARC can be used by a receiver to override the Domain Owner's policy > and apply a different disposition from what they asked for. In that case, > it should be reported as a DMARC fail with a PolicyOverrideType of > local_policy. > > Brandon > > On Tue, Aug 15, 2017 at 11:42 AM, Dave Crocker <dcroc...@gmail.com> wrote: > >> G'day. >> >> ARC is motivated by a desire to deal with a class of DMARC failures. In >> that context, it can be seen as 'augmenting' DMARC, even though it is >> formally separate from DMARC. That is, ARC doesn't and shouldn't specify >> how ARC is used in a DMARC context. But there needs to be some >> understanding -- and I suspect a spec, somewhere, eventually -- that says >> how to integrate ARC into an engine that includes DMARC. >> >> BTW, the DMARC spec uses the terms 'pass' and 'fail' with respect to the >> underlying authentication mechanisms of DKIM and SPF. It also uses it >> within the context of DMARC processing, itself, but it does not define what >> those terms mean, in that context. Beyond reference to DMARC 'policy' >> records, text in the specs that talk about processing DMARC policy is >> similarly implicit, rather than explicit. The only clear, explicit >> directive about DMARC outcomes seems to be Section 6.6.2 #6, Apply policy. >> >> An example of possible confusion in the case of ARC: does DMARC still >> 'fail'? Yet the whole point of ARC is to create the possibility of still >> getting delivered, in spite of this. >> >> So, were one to write something to augment the DMARC spec, in support of >> ARC, what are the kinds of text one ought to formulate and how should they >> be linked to the DMARC spec? >> >> d/ >> >> >> -- >> Dave Crocker >> Brandenburg InternetWorking >> bbiw.net >> >> _______________________________________________ >> dmarc mailing list >> dmarc@ietf.org >> https://www.ietf.org/mailman/listinfo/dmarc >> > > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc > >
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
