An ARC implementer recently pointed out that the rationale for capturing the contents of the Authentication-Results: header in the ARC-Authentication-Results: header wasn't clear from reading the specification. So I'd like to propose some changes to the draft specification to address this point.
Apologies if my method of suggesting/describing changes is out of order - redirects welcomed. Section 1 "Introduction" -- First paragraph, first sentence, change "non-compliant messages" to "handling messages that fail to authenticate." Split the existing first paragraph; make the last three sentences a separate paragraph, starting with "This specification defines..." Modify the second sentence of the new second paragraph to append, ", and preserve the contents of the Authentication-Results: header created by ARC-aware intermediaries." Replace the last paragraph of the section with the following: > Another goal is to capture and convey the contents of the > Authentication-Results (A-R) mechanism [RFC7601] as seen by > intermediaries in indirect mailflows. Normally A-R permits the results > of an email authentication evaluation process to be transmitted from > the evaluating agent (e.g. an MTA) to a consumer that makes use of the > information (e.g. a filtering mechanism or MUA). A-R is usually only > used this way within a given ADMD, but ARC can reliably convey the > contents of the A-R header that each ARC-aware intermediary generates > between ADMDs. The final message receiver may choose to use this > information from valid ARC chains - particularly the A-R contents > recorded by the first ARC-aware intermediary - in evaluating messages > that fail to authenticate through direct checks of protocols like > DKIM, DMARC, or SPF. > > For more detailed examples of when and how A-A-R contents might be > used by message receivers, please refer to [ARC-USAGE]. > Section 2.3 "Utility" -- Append the following to the first sentence: "..., including the authentication results observed by each ARC-aware intermediary." Section 4 "Overview" -- Append the following to the first sentence of the second paragraph: "... and any authentication results they evaluated when receiving the message." Section 5.1.3's first paragraph is a bit awkward. I'd like to propose the following replacement text for changes: > ARC-Authentication-Results (AAR) is a copy of the contents of the > Authentication-Results: header [RFC7601] as generated by the ADMD > creating this set of ARC headers. That is, it captures the > authentication results that the reporting ADMD observed when it > received the message from another ADMD. I recommend striking the second paragraph (sentence) in this section about the "i=" tag -- the same exact text appears in the following 5.1.3.1 "`i' Tag Value" --Steve. _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
