Hi, Le 05/02/2026 à 17:19, Murray S. Kucherawy a écrit : > > But as you rightly point out, (2) could take many years given recent > evidence about how fast this community (doesn't) converge.
If this is so, then maybe it doesn't make so much sense to throw away the existing deployments and start all over again from first principles. ARC provides the receiver side half of a hop-by-hop message authentication chain. The only hole that remains to be plugged is the sender side half: each sender's certification of their "To" header (together with "From", "Date", but independent from content). This could be added to all messages on egress, using the same machinery as DKIM signatures, just with different semantics. Then, assuming that every receiver is an authorized forwarder (which is an acceptable assumption in the common case), the whole forwarding trail can be followed and verified. Those questions might not be appropriate for an already winding-down and burnt-out working group, but IMHO they deserve to be asked. Cheers, B.C. _______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
