On October 26, 2015 9:12:17 AM EDT, Roland Turner via dmarc-discuss <dmarc-discuss@dmarc.org> wrote: >Scott Kitterman wrote: ... snipped down to one bit as we seem to mostly be going around in circles ... >> As a domain owner, I can control what sources of mail are able to >> generate mail that passes SPF or has a valid DKIM signature with d= >my >> domain. Anyone, anywhere can generate an ARC stamp with my domain in >it, >> so it's completely different. > >No, they can't. > >(More accurately, like a DKIM signature, anyone can create one, but it >won't validate unless they've also gotten their hands on one of your >private keys.)
Who adds the ARC stamp? Perhaps I read it wrong, but I read it as being added by the intermediary and not the originator (previous hop). If I read it right, anyone can create an ARC stamp claiming to have received authenticate (e.g. DKIM signed) mail from my domain. Am I reading it wrong? Scott K _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)