On 4/2/22 3:56 PM, Jeroen Massar wrote:
On 3 Apr 2022, at 00:29, Michael Thomas <m...@mtcc.com> wrote:
On 4/2/22 3:23 PM, Jeroen Massar via NANOG wrote:
Hi Dan,
Hope the rest of the world is treating you decently!
There are a lot of bits and bobs that one has to get right for mail to flow,
amongst which:
- IP -> PTR lookup -> that hostname lookup, and match to IP again
(https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS)
- SPF
- DKIM
- DMARC
- ARC (for mailinglists)
Seriously spend zero time on ARC. It doesn't work as advertised... [snip, see
below]
Unless one works at the large ESPs, hard to tell what they really care about
and verify.
Google at least adds ARC headers in Gmail, and did the editing of RFC8617.
ARC resolves into a previously unsolved problem: reputation. You could
do reputation with plain old DKIM too, so I don't see why changing the
name of the header changes anything on the ground. And nobody could give
me an answer of why signing previous Authentication-Results is useful
for toward that end. It's just more magical thinking.
Thank goodness it's an experimental RFC so it can go the way of the dodo.
Mike