On 2020-04-23 02:20, John Levine wrote:
> In article <51be5654-94c4-38c6-8f6b-dca403d66...@dcrocker.net> you
> write:
>> The paper asserts that AR is used as DMARC input. I suspect that is
>> rarely, if ever, true. Yes? No?
>
> I'd say never. To do DMARC rejects you have to do all of the
> validation in the SMTP daemon, which is before anything has a chance
> to create an A-R header.
Of course this is possible with the Milter protocol introduced by
Sendmail and used also by Postfix. The mail traverses during the SMTP
phase through different milters, e.g. a SPF milter, followed by a DKIM
milter, and every milter injects an AR header with its results. The last
milter is a DMARC milter that processes the AR headers and signals the
SMTP daemon do either accept or reject the message. This is how OpenDKIM
& OpenDMARC work together.
This is done all the time, and not just by Sendmail and Postfix.
Other projects do it all in one milter (rspamd?)...
Yes, but when you do it all in one go it's more difficult to customize.
Ned
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
