On Tue 16/May/2023 04:32:21 +0200 Hector Santos wrote:
I find it technically unfeasible and non-logical to support a high overhead, complex ARC concept that has no promise of any solution for a DKIM Policy model we have been seeking since 2005.
The concept evolved from the need to export Authentication-Results:. The outcome is just a little more complex than DKIM. Technical feasibility is proven by implementations. I, for one, implemented it on top of DKIM without having to go through hoops.
What are we solving in the first place with ARC?
IMHO, besides collecting A-Rs at various steps, ARC brings the ability to gather a chain of authentications. Compared to an unordered set of DKIM signatures, ARC delivers a neat verification already at the (low) algorithmic level.
You have to implement it to appreciate it fully.
In my technical view, it has been the PORT 25 unsolicited 3rd party signature unauthorized by the author domain due to the dearth of scaled AUTHOR::SIGNER Authorization methods. ARC is not resolving this problem. The overhead is horrendous.
Like DKIM, ARC tells you nothing if you don't trust the signers. Best Ale -- _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
