On 5/10/2016 5:23 PM, John Levine wrote:
Should DMARC add a policy setting for whether the domain owner feels that
ARC should be used to bypass regular DMARC evaluation?
Please, no. One approach to what we can oversimplify as the mailing
list problem is to do it from the sending end, with the sender using
something like conditional double signatures to say mutated messages
are OK. The other is to provide data that the recipient can use
to decide these mutations are OK.
ARC is definitely in the latter camp, and it would be painful to
have both ends arguing about how OK stuff is.
I have a mixed reaction.
Simplicity is a strong draw, putting me in John's camp.
On the other hand, for purely transactional domains, it could be simpler
for the recipient to be able to easily find that ARC-ish mechanisms are
not authorized.
ARC, ultimately, relies on having the receiver trust assertions made by
the first ARC signer. Things get easier for the receiver if they see a
statement by the domain owner saying "don't bother with ARC".
But yeah, it's another bit of mechanism. So the question is just how
much meaningful benefit is there likely to be? I can't answer that.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
