The latest ARC base document says this about the ARC-Authentication-Results field:

    ARC-Authentication-Results is a direct copy of the Authentication-Results header field [RFC7601 <https://tools.ietf.org/html/rfc7601>] created for archival purposes by the each MTA outside of the trust boundary of the originating system which is contributing to the chain of ARC header fields. The corresponding instance ("i=") tag value MUST be prefixed to the Authentication-Results.

Apart from the grammatical glitch ("the each"), this appears to me to be saying: "Collect the contents of the A-R fields that already exist and re-record those results into a new A-A-R field."

Should that include the results computed by the ADMD that's doing this work? Either way, is this even possible?

Since A-A-R is (apart from the "i=" tag) syntactically identical to an A-R (RFC7601) header field, and an A-R field has a single authserv-id, and the authserv-id is presumably integral to the final recipient deciding whether to trust the message, what does an implementer do with this?:

    A-R: admd1; dkim=pass header.d=example.com
    A-R: admd2; dkim=fail header.d=example.com

What A-A-R am I supposed to generate from that? Does order matter? It seems to me that, at a minimum, the name(s) of the ADMD(s) will be lost; assuming that's okay, here's what I get:

    A-A-R: i=N; my-authserv-id; dkim=pass header.d=example.com; dkim=fail header.d=example.com

As a final recipient, I'd have no idea what to do with that.

Confused,
-MSK
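
The merge described in the message above, as an added example (not part of the original post and not taken from the ARC draft): it flattens the two quoted A-R fields into one A-A-R value and reports which authserv-ids disagreed, which is the information the flattened field no longer carries. The function names and the simplified parsing are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input: the two A-R fields quoted in the message.
SAMPLE_AR = [
    "Authentication-Results: admd1; dkim=pass header.d=example.com",
    "Authentication-Results: admd2; dkim=fail header.d=example.com",
]

def parse_ar(field):
    """Split one A-R field into (authserv-id, [resinfo, ...]).

    Simplified (assumption): no CFWS comments, quoted strings, version
    token or "none" result, all of which RFC 7601 allows.
    """
    _, _, value = field.partition(":")
    parts = [p.strip() for p in value.split(";") if p.strip()]
    return parts[0], parts[1:]

def flatten(fields, instance, my_authserv_id):
    """Naive merge into one A-A-R value, keeping resinfo in input order.

    The original authserv-ids are dropped, as the message predicts.
    """
    resinfos = []
    for field in fields:
        _, res = parse_ar(field)
        resinfos.extend(res)
    return "ARC-Authentication-Results: i=%d; %s; %s" % (
        instance, my_authserv_id, "; ".join(resinfos))

def conflicts(fields):
    """Return {(method, properties): {result: [authserv-id, ...]}} for each
    method/property pair that received more than one distinct result."""
    seen = defaultdict(lambda: defaultdict(list))
    for field in fields:
        authserv_id, res = parse_ar(field)
        for r in res:
            m = re.match(r"([\w-]+)=(\w+)\s*(.*)", r)
            if m:
                method, result, props = m.groups()
                seen[(method, props)][result].append(authserv_id)
    return {k: dict(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    print(flatten(SAMPLE_AR, 1, "my-authserv-id"))
    print(conflicts(SAMPLE_AR))
```

Running `conflicts` on the A-R fields before flattening shows that admd1 and admd2 reported opposite DKIM results for the same domain; the same check on the flattened field can only attribute both results to the single remaining authserv-id.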
