On 15.07.2017 09:20, Kurt Andersen wrote: > It seems like there is another problem here if OpenARC is trying to take a > "foreign" A-R header and suck it into being "your" AAR header. The only > auth results that should ever be trusted is the one you create (per > RFC7601).
OpenARC parses all A-R headers and reads them into a structure - one by one. After an A-R header is parsed, the AuthServID is compared and if it matches, the parsed A-R header is further used - else it is ignored. So no problem here. Juri _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
