On 12/5/2020 5:07 PM, Michael Thomas wrote:
On 12/5/20 2:02 PM, John Levine wrote:
OK, ARC doesn't do that. This does not mean that ARC is broken, only
that you appear to have different policy priorities than other people.
As you know, DMARC has never obliged recipients to follow senders'
policies so this is nothing new.
If ARC is advocating for a bypass of p=reject that introduces a new
state. If my policy is reject, I want you to reject the mail. If I
want you to reject the mail unless you think it has come from an
acceptable place with receipts, then you need a new policy tag like
reject-except-valid-arc.
I have long suggested one way to resolve this is by using a new DMARC
extended "arc=" switch. Allow the author domain define what is
acceptable from an ARC standpoint, if interested.
arc=N where N is the arc seal count, whatever amount is allow to
"promote" a failed DKIM to a pass. The inherent default arc=0 would
suggest arc should not be a consideration DKIM fails.
In principle, I am for using DMARC extended switches to outline the
different protocol behaviors.
arc=1 DMARC Receiver MAY consider using arc for failure promotion
atps=1 DMARC MAY consider using RFC6541
rewrite=0 Mailing List SHOULD NOT rewrite 5322.From
Keep it simple folks.
--
Hector Santos,
https://secure.santronics.com
https://twitter.com/hectorsantos
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
