On 2020-04-23 02:20, John Levine wrote:
In article <[email protected]> you
write:
The paper asserts that AR is used as DMARC input. I suspect that is
rarely, if ever, true. Yes? No?
I'd say never. To do DMARC rejects you have to do all of the
validation in the SMTP daemon, which is before anything has a chance
to create an A-R header.
Of course this is possible with the Milter protocol introduced by
Sendmail and used also by Postfix. The mail traverses during the SMTP
phase through different milters, e.g. a SPF milter, followed by a DKIM
milter, and every milter injects an AR header with its results. The last
milter is a DMARC milter that processes the AR headers and signals the
SMTP daemon do either accept or reject the message. This is how OpenDKIM
& OpenDMARC work together.
Other projects do it all in one milter (rspamd?)...
Juri
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
