On Monday, October 26, 2015 7:52 AM [GMT+1=CET], Roland Turner via dmarc-discuss wrote:
> J. Gomez wrote: > > > How do you know the sender is trustworthy, if the email > > he sends is failing a DMARC check? > > This question is an operational one that is out of scope for a > protocol specification whose purpose is to facilitate interoperation > of mechanisms (software). Operators will always make their own > decisions about who to trust. > > > Is this ARC thing a mechanism to know when it is safe to ignore > > the sender's DMARC policy of "p=reject"? And if it is such, > > shouldn't it be part of the DMARC standard? > > ARC is still an experiment, working out whether it should pass > through IETF as part of DMARC or as a separate specification is > probably a little premature at this moment. I'd suggest that there > are arguments both for and against doing so. Thanks for your answers. You seem knowledgeable about ARC, so please bear with me... Let's consider this scenario of a mail flow: [email protected] --> [email protected] --> [email protected] Where both [email protected] and [email protected] are subscribers to the mailing list "List of Ponies". And let's agree on the axiom that if a user has subscribed to a mailing list, then that user wants the messages from that mailing list to land on his Inbox. If the postmaster at i-host-email.com is checking DMARC in incoming email, and if yahoo.com is publishing p=reject, that postmaster now has the problem of how to make sure that messages which [email protected] has sent to [email protected] arrive successfully to the Inbox of [email protected], in a safe and automated way. I.e., that postmaster now has the problem of how to override DMARC in a safe and automated way. And now, lets agree on a second axiom: if that postmaster would normally accept direct messages from [email protected] to [email protected], the idea would be that he would also accept messages from [email protected] to [email protected] if a positive verification could be made about whether said messages had really originated from [email protected]. The question I have is: Can ARC help that postmaster with doing such a verification? (Yes/No) Regards, J.Gomez _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
