Under both the current spec ( https://tools.ietf.org/html/draft-ietf-dmarc-arc-protocol-03#section-5.1.3) and the proposed spec ( http://blackops.org/~msk/draft-kucherawy-dmarc-arc-base.txt section 5.2), an ARC Set [i] can have only a single AAR header.
It is clear how to construct an AAR when there are 0 or 1 Authentication-Result headers from the current ADMD. Per spec it is ambiguous how to construct the AAR when there are multiple AR headers. Looking at random messages on this list, I've seen anywhere from two to five AR headers per message. Locally, with opendkim and opendmarc running, there are three locally generated AR headers that get passed to openarc. It looks like seeing multiple AR headers is going to be a common occurrence for ARC implementations to handle. When there are multiple headers, the current openarc implementation just uses the first AR header it sees and ignores the rest. Dkimpy leaves it to the user to pass in the appropriate AR header as a parameter. If the goal of the AAR is to provide a copy of ADMD authentication results so that the originating dmarc disposition of a message can be determined and trace information can be provided to the final receiver, then it seems like: 1) there needs to be a discussion on how to handle multiple AR headers 2) this guidance is needed in spec Is this a problem the group thinks needs discussion? -- [image: logo for sig file.png] Bringing Trust to Email Seth Blank | Head of Product for Open Source and Protocols [email protected] +1-415-894-2724 <415-894-2724>
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
