Douglas Foster skrev den 2025-06-11 13:01:
I have recently noticed that 25% of all ARC chains arrive broken,
because of outbound gateway services that make unintended changes.
Messages still pass DMARC, because the vendors add a client signature
after the cause the damage. Nonetheless, trust is broken and mailing
list problems return.
Is this event covered by either aggregate reporting or failure
reporting?
seems you post from gmail.com with here did not add ARC ?
X-Spam-Status No, score=1.871 tagged_above=-999 required=5
tests=[DKIM_ADSP_CUSTOM_MED=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001,
FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.065,
HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-0.1, RCVD_IN_MSPIKE_H5=0.001,
RCVD_IN_MSPIKE_WL=0.001, RELAYCOUNTRY_GREY=0.1, SPF_HELO_NONE=2,
SPF_PASS=-0.1] autolearn=no autolearn_force=no
Authentication-Results mx.junc.eu (amavis); dkim=pass (1024-bit key)
header.d=ietf.org header.b="FtrUO8yQ"; dkim=pass (1024-bit key)
header.d=ietf.org header.b="FtrUO8yQ"; dkim=fail (2048-bit key)
reason="fail (message has been altered)" header.d=gmail.com
header.b="drwB+hEb"
Authentication-Results mail2.ietf.org (amavisd-new); dkim=pass (2048-bit
key) header.d=gmail.com
how did you make this mistake ? :)
will OpenARC be implemented ad ietf ?
this will solve trust chains, but not dkim brekage
tip for admins is amavisd is ready to make it in one go just like rspamd
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
