Giter Site home page Giter Site logo

Comments (2)

marcbradshaw avatar marcbradshaw commented on August 14, 2024

Hi,

I don't think there is anything to do in the Mail::DMARC layer to support this.

ARC should be considered as an additional step to DMARC, and should not modify how DMARC is processed. That is, ARC may be used to reason about why a DMARC fail should be overridden, but MUST NOT cause a message that would otherwise have failed DMARC to pass. This can be expressed in reporting using the evaluated disposition and comment field (and will be improved with adoption of DMARCbis). This is as described in sections 7.2.1 and 7.2.2 of rfc8617 as you mentioned.

Senders, especially those consuming DMARC reports would be confused by reports where a DMARC fail is reported as a pass due to a local policy decision (such as ARC).

For an example of how this works in practice see https://github.com/fastmail/authentication_milter/blob/master/lib/Mail/Milter/Authentication/Handler/ARC.pm and the associated DMARC handler module.

The simplified flow for overrides here is to walk back over the ARC seals, and when the sealer is trusted (how you define that trust is up to you, but reasonable due diligence should be undertaken) re-evaluate DMARC based on the DKIM and SPF state asserted by the trusted ARC sealer in the relevant AAR header, and override DMARC accordingly.

It is important to state here, that the mere presence of an ARC set should never be taken as a blanket override for DMARC. The asserted authentication state in the AAR headers should be used, that state should be used to re-evaluate DMARC, the original DMARC result should be overridden but the original state should be reported, and in all of this the trust model is important.

from mail-dmarc.

bigio avatar bigio commented on August 14, 2024

Thanks for the details.

from mail-dmarc.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.