On October 23, 2015 2:10:26 PM EDT, "J. Gomez via dmarc-discuss" <dmarc-discuss@dmarc.org> wrote: >On Friday, October 23, 2015 4:07 PM, Scott Kitterman via dmarc-discuss >wrote: > >> On October 23, 2015 1:48:13 AM EDT, Roland Turner via dmarc-discuss >> <dmarc-discuss@dmarc.org> wrote: >> > The question is not who you trust - ARC doesn't directly change >> > that - but how you reliably automate determining whether the >> > message was forwarded only by people that you trust. At present, >> > you have to dig through Received: headers, infer per-forwarder >> > internal structure and behaviour and, frequently, guess. ARC >> > addresses that problem, not the one you're asking about. >> >> I don't see why the signing domain of the DKIM signature that could >> be added by the most recent sender doesn't already give an identifier >> to use to evaluate trust in the sender. >> >> I can see that ARC gives a way to communicate information about the >> upstream senders, but I don't see how that's related to DMARC. >> >> From a DMARC perspective, if you know the sender is trustworthy, you >> do a local override. ARC doesn't seem to be needed for that. > >How do you know the sender is trustworthy, if the email he sends >is failing a DMARC check? > >Is this ARC thing a mechanism to know when it is safe to ignore >the sender's DMARC policy of "p=reject"? And if it is such, shouldn't >it be part of the DMARC standard?
It's not. It's only useful when provided by senders you trust. Scott K _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)