Shal wrote: > Roland wrote: > >> - Forwarders who are large enough to be monitoring deliverability can >> trivially determine whether their ARC-signing is being successfully >> validated and/or when receivers trust them enough to accept messages >> despite failing DMARC. > > I see how that is possible when the forwarder has taken "ownership" > of the message by putting their own domain in the From, but if they do > ARC signing without taking ownership how do they know anything about > the receiver's authentication results? I missed any reference to the > intermediaries getting reports.
DMARC feedback only tells Domain Owners about authentication results, it tells them nothing about deliverability and tells forwarders nothing at all. Assessing deliverability to a receiver requires monitored mailboxes on the receiver in question. The same mechanism will give access to Authentication-Results: headers. Per the above, it's generally only larger forwarders (or originators) who will be doing this. >>> Now it is also true that the service can't know which receiving domains >>> implement >>> DMARC processing, except by way of public announcements or user complaints >>> of >>> non-delivery. >> >> This is not entirely correct. DMARC aggregate reports and >> Authentication-Results: headers both make clear whether (a) a receiver >> is implementing DMARC and (b) validation is succeeding. > > Yes, but those reports go to an address specified by originator's > DNS records, as I understand it. Not to the intermediary, unless > the intermediary becomes the originator by putting their own domain > in the From: of the message. Apologies, I missed "the service" in your comment so, no DMARC aggregate feedback would not be available. As above, Authentication-Results: access would also require monitored mailboxes in the receivers in question which, as above, is generally only relevant for larger forwarders/originators. Smaller forwarders shouldn't be dropping their workarounds just yet. - Roland _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)