Perhaps "advised" was a wrong choice of words. I understand that ARC makes no additional demands on the sender. But would it be beneficial or harmful (or neutral) for the sender to do so anyway?
I can imagine validators taking note of ARC capability of an ADMD for reputation tracking. If an email is send by a sender known to start the ARC chain itself, the start of a chain by a malicious sender spoofing as an intermediary could help a validator draw more appropriate conclusions about it's trustworthiness. It would still be possible for a malicious party to spoof an entire chain, but it would be just a little bit harder to do so. I was just wondering if there could be any real-world validity to these assumptions. On Thu, Jul 12, 2018 at 12:55 PM, Kurt Andersen (b) <kb...@drkurt.com> wrote: > On Thu, Jul 12, 2018 at 12:58 AM, Martijn van der Lee < > martijn=40dmarcanalyzer....@dmarc.ietf.org> wrote: > >> This is more in regards to the Recommended Usage draft than the ARC spec >> itself (and possibly this has been answered elsewhere before). >> >> Is a message sender allowed (or perhaps even advised) to be part of the >> ARC chain as the first set of the chain? >> > > Allowed = yes; advised = no > > The protocol was explicitly designed to require no changes on the part of > the initiating ADMD. It is only for intermediary ADMDs, and especially > those which do or may change the message in some fashion (that impacts > authentication mechanisms). Sort of by definition (SPF-wise), that would > include all intermediaries, but we mainly have in mind those which break > the validity of the DKIM signature(s). > > --Kurt > -- Best regards, Martijn van der Lee Software developer DMARC Analyzer - Trusted. Email. Delivered. Stationsplein 12 | 1211 EX | Hilversum | The Netherlands www.dmarcanalyzer.com | +31 (0) 85 13 00 788 We are accredited on security and privacy by the DDMA Privacy Authority.
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
