My understanding is that ARC validators have a list of trusted ADMDs
<https://github.com/trusteddomainproject/ARC_Community_Sealers/blob/master/community_sealer_whitelist>
(domains) that they trust the ARC results of to be "accurate and true".
If the chain is valid at receipt, all of the sealed ADMD ARC sets are
trusted, and the authentication results were originally a DMARC pass
result at i=1 (the first instance), it's possible to use these results
to inform other decision making processes, such as DMARC, to override an
otherwise failing authentication scenario.
Of course, anyone can seal ARC, but whether or not their ADMD is trusted
by receivers is another matter. It depends on who the validator is, and
who they trust.
- Mark Alley
On 4/14/2023 8:10 AM, Jarland Donnell via mailop wrote:
On 2023-04-14 07:45, Taavi Eomäe via mailop wrote:
On 14/04/2023 15:22, Laura Atkins via mailop wrote:
Unless they’re rewriting the envelope, yes. This is part and parcel
of how SPF works. I’m somewhat surprised that those services are not
rewriting the envelope, though. Unfortunately, I don’t have the
Google access / infrastructure to test this and see what they’re doing.
Google supports ARC, SRS is a hack of the past compared to it.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
Correct me if I'm wrong but isn't the trust level of ARC basically
"trust me bro?" At least SRS and SPF require ownership of the domain.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
