As I understand ARC, it is means of transporting the original auth-res to the destination in case the origin signature is broken by an intermediary. From there the destination can decide one way or the other to override the DMARC policy of, say, reject. There are, however, use cases where that is exactly wrong and in no case does the originating domain want such an override to happen. Consider my bank sending me transactional email. If somehow somebody managed to get that mail through a mailing list and arc-resigned it, my bank does *not* want that mail to be delivered regardless of the reputation of the mailing list because something weird and wrong is happening on its face.
Mike _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
