On Mon 06/Dec/2021 21:04:37 +0100 Dave Crocker wrote:
On 12/6/2021 11:56 AM, Scott Kitterman wrote:
Somewhere we need to explain about how ARC related to DMARC. If it's going
to be in the protocol specification, this is the place. Otherwise it would
go in the appendix I keep mentioning that we need which explains options
senders, intermediaries, and receivers can do to mitigate DMARC
interoperability challenges.
You want to comment on ARC in the DMARC specification? Don't do that.
ARC currently has nothing to do with DMARC. And DMARC currently has nothing to
do with ARC.
That seems to imply that the reporting extensions aimed at ARC (ticket #56)
should not actually mention it. Aggregate reporting would describe a
completely abstract method to add piggyback functionality to reporting. That
arguably entails a registry of optional contents and possibly places to specify
which additional contents a consumer is interested in...
To change this will require writing a specification, presumably as an
enhancement to DMARC, to include consideration of ARC.
Or else, an enhancement to ARC to include consideration of DMARC. In
particular, ARC should consider From: rewriting and provide a way to restore
the original value locally if the message is authenticated.
In technical terms, the ARC specification must not know about or care about
DMARC, since ARC is attempting to augment DKIM, rather than an upper-level
function that uses DKIM, which is what DMARC is.
Yes, ARC originated as an alternative to conditional DKIM signatures. But that
was in the context of DMARC effect on indirect mail flows.
If it helps, draw boxes with labels for different functions, like SPF, DKIM,
and DMARC. Draw arrows between them,to establish which provides functionality
and which uses it.
It's just an extension of the drawing in Section 4.4 of the draft. I attach an
attempt
(Would something like that serve for the html version of the I-D?)
A providing specification must not know or document anything about a consumer.
Otherwise it is, effectively, a layer violation. It also invites messy
complexity and out-of-date references, as specifications change.
The trick is to replace the rewritten From: in the MDA Filtering Engine,
/after/ any external forwarding.
To the extent that there is a strong benefit in having a document that
discussion an aggregation of components, then it's a separate operations or
architecture document.
Yes.
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
