>ARC is motivated by the cases where DKIM/SPF/DMARC information about the >author/originator get broken.
I'm truly trying to find a justification to break DKIM/SPF on a message after it is sent. SPF -> You should be aware of all the servers that can be involved in the message transaction so no excuse to not have them reflected in the SPF record DKIM -> The message should only be signed after it is complete and leaving your controlled environment. Any modification to the message afterwards is tampering and should not happen. Nevertheless, if a message is ARC signed then SPF and DKIM results become irrelevant, right ? So why bother having SPF and DKIM in the first place ? On Sun, Jun 19, 2022 at 1:19 PM Dave Crocker <d...@dcrocker.net> wrote: > > On 6/17/2022 6:17 AM, Paulo Pinto via mailop wrote: > > tldr; what ARC tries to address is already correctly handled by > > DKIM/SPF/DMARC if used as designed. > > None of those provide an authenticated handling record in the message. > > ARC is motivated by the cases where DKIM/SPF/DMARC information about the > author/originator get broken. > > With ARC, besides a authenticated handling sequence, there is > information about those original authentication tidbits that got broken, > when the site providing the tidbits says how its own evaluation went. > > The challenge to the receiving site, then, is to decide whether to > believe that evaluating intermediary site (as well as then deciding on > an evaluation or the originating site. > > d/ > -- -- Paulo Azevedo
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop