On 2020-04-23 02:20, John Levine wrote: > In article <51be5654-94c4-38c6-8f6b-dca403d66...@dcrocker.net> you > write:
>> The paper asserts that AR is used as DMARC input. I suspect that is >> rarely, if ever, true. Yes? No? > > I'd say never. To do DMARC rejects you have to do all of the > validation in the SMTP daemon, which is before anything has a chance > to create an A-R header.
Of course this is possible with the Milter protocol introduced by Sendmail and used also by Postfix. The mail traverses during the SMTP phase through different milters, e.g. a SPF milter, followed by a DKIM milter, and every milter injects an AR header with its results. The last milter is a DMARC milter that processes the AR headers and signals the SMTP daemon do either accept or reject the message. This is how OpenDKIM & OpenDMARC work together.
This is done all the time, and not just by Sendmail and Postfix.
Other projects do it all in one milter (rspamd?)...
Yes, but when you do it all in one go it's more difficult to customize. Ned _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc