Comments (2)
Hi,
I don't think there is anything to do in the Mail::DMARC layer to support this.
ARC should be considered as an additional step to DMARC, and should not modify how DMARC is processed. That is, ARC may be used to reason about why a DMARC fail should be overridden, but MUST NOT cause a message that would otherwise have failed DMARC to pass. This can be expressed in reporting using the evaluated disposition and comment field (and will be improved with adoption of DMARCbis). This is as described in sections 7.2.1 and 7.2.2 of RFC 8617, as you mentioned.
Senders, especially those consuming DMARC reports, would be confused by reports where a DMARC fail is reported as a pass due to a local policy decision (such as ARC).
For an example of how this works in practice, see https://github.com/fastmail/authentication_milter/blob/master/lib/Mail/Milter/Authentication/Handler/ARC.pm and the associated DMARC handler module.
The simplified flow for overrides here is to walk back over the ARC seals, and when the sealer is trusted (how you define that trust is up to you, but reasonable due diligence should be undertaken) re-evaluate DMARC based on the DKIM and SPF state asserted by the trusted ARC sealer in the relevant AAR header, and override DMARC accordingly.
It is important to state here that the mere presence of an ARC set should never be taken as a blanket override for DMARC. The asserted authentication state in the AAR headers should be used; that state should be used to re-evaluate DMARC; the original DMARC result should be overridden but the original state should be reported; and in all of this the trust model is important.
from mail-dmarc.
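The override flow described in the comment above, as an added sketch that is not code from Mail::DMARC or authentication_milter. It assumes the ARC sets are already parsed and the chain already validated by an ARC verifier; the function names, the dictionary layout, the strict-only alignment check and all domains are hypothetical or constructed.

```python
# Added example. ARC sets are assumed already parsed and the chain already
# validated by an ARC verifier; domains and sets below are constructed.
TRUSTED_SEALERS = {"lists.example.net"}  # local trust decision (assumption)

def aligned(auth_domain, from_domain):
    # Simplification: strict alignment only; relaxed needs the Public Suffix List.
    return auth_domain.lower() == from_domain.lower()

def aar_asserts_dmarc_pass(aar, from_domain):
    """Re-evaluate DMARC from the SPF/DKIM state one sealer asserted in its AAR."""
    spf = aar.get("spf", {})
    if spf.get("result") == "pass" and aligned(spf.get("domain", ""), from_domain):
        return True
    return any(d["result"] == "pass" and aligned(d["domain"], from_domain)
               for d in aar.get("dkim", []))

def evaluate(dmarc_result, policy, from_domain, arc_sets, chain_valid):
    """Return the DMARC result (unchanged), the disposition and the report reason."""
    out = {"dmarc": dmarc_result,  # ARC never rewrites this
           "disposition": "none" if dmarc_result == "pass" else policy,
           "reason": None}
    if dmarc_result == "pass" or not chain_valid:
        return out  # nothing to override, or the ARC chain cannot be relied on
    # Walk back from the newest seal; only trusted sealers' assertions count.
    for arc in sorted(arc_sets, key=lambda a: a["i"], reverse=True):
        if arc["sealer"] not in TRUSTED_SEALERS:
            continue  # presence of an ARC set alone overrides nothing
        if aar_asserts_dmarc_pass(arc["aar"], from_domain):
            out["disposition"] = "none"
            out["reason"] = {"type": "local_policy",  # illustrative comment text
                             "comment": f"arc=pass as[{arc['i']}].d={arc['sealer']}"}
            break
    return out

# Constructed message: list at i=1 saw aligned DKIM pass, then an untrusted relay.
SAMPLE_SETS = [
    {"i": 1, "sealer": "lists.example.net",
     "aar": {"spf": {"result": "pass", "domain": "bounce.example.com"},
             "dkim": [{"result": "pass", "domain": "example.com"}]}},
    {"i": 2, "sealer": "relay.example.org",
     "aar": {"spf": {"result": "pass", "domain": "example.com"}, "dkim": []}},
]

if __name__ == "__main__":
    print(evaluate("fail", "reject", "example.com", SAMPLE_SETS, chain_valid=True))
```

The returned `dmarc` value stays `fail` in every override case; only the disposition and the reported reason change.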
Thanks for the details.