I am trying to specify the generic form of a local policy rule to trust ARC to override DMARC FAIL. This is my current draft:
- The message's RFC532.From address indicates a wanted and valued sender. - The message produces DMARC FAIL. - The ARC chain is intact - An ARC-A/R entry exists and indicates DMARC PASS, aligned SPF PASS, or aligned DKIM PASS. If more than one such ARC set is found, the highest sequence number is used. - The IP address used for SPF is extractable from the comment field of that same ARC A/R record. - A Received header can be found with the same Source IP address, and - The rest of the Received chain is scanned forward, and all included servers are trusted to create only accurate message headers and to make only non-malicious changes to the message. Given the unpredictability Can anyone simplify this formula? Doug Foster
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
