On Fri 28/Feb/2025 20:34:11 +0100 Tero Kivinen wrote:
Alessandro Vesely writes:
Another problem is that my email filtering do check ARC, but
spamassassin can only validate ARC signatures, I do not think there is
a way to say that it should set SPF/DKIM/DMARC test results based on
the valid ARC signature from trusted source, so I can't really use the
ARC signatures yet.
In the fix-forwarding draft, this is the only software to be developed. A
possible algorithm for verification could be the following:
1) Find "list-id" in the List-Id: header field (which should be unique).
2) Find the domain (d=) in the top ARC-Seal: header field (the one with the
highest i=).
3) Verify that the final part of list-id matches the sealing domain.
4) For each recipient, verify that the <recipient, list-id> pair is in the list
of active agreements.
Not a big task, right? This is the only software required, as managing the list
of active agreements could be done manually, using a text editor. Oh well,
there is also a web form to set up, which should not necessarily require
software development. Of course, large companies would automate much more. The
point is that even home-grown mail sites can adopt fix-forwarding without any
problems.
Best
Ale
--
_______________________________________________
dmarc mailing list -- dmarc@ietf.org
To unsubscribe send an email to dmarc-le...@ietf.org
