On Fri, Aug 11, 2017 at 5:50 PM, Bron Gondwana <br...@fastmailteam.com> wrote:

> Again - why seal on ingress?  It's bogus.
> * check authentication on ingress
> * add authentication on egress
> That's the pattern that means something and works.  Otherwise your
> internal mechanisms are going to have to be either ARC aware anyway, or
> you'll have to fix up ARC anyway.

As long as your method of communicating the ingress auth check survives the
transit of your internal infrastructure (which A-R does not necessarily do
as a result of some brain-dead gateway implementations), I agree. Sealing
on ingress is one such way to provide that communication from ingress point
to egress point but is a bit noisy to do so.

