From what I can tell, the main thing that ARC is doing is binding an auth-res
to a dkim signature-like thing. But as I recall -- it's been a long time --
there were ordering requirements ala received headers for where new
dkim-signatures and auth-res go in the header. Assuming my memory is correct,
that means you can reconstruct "what this looked like before i messed with
it" already by signing the incoming auth-res as part of the new DKIM
signature.
Is there something more going on here?
Not really. There are ordering rules but mail systems do not follow them
reliably, DKIM signatures in practice are not ordered. Also, A-R can be
deleted in some situations, so ARC makes copies of them to be more robust
in transit.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc