It appears that Murray S. Kucherawy <[email protected]> said:
>This is intentional. DKIM also isn't specific about how a passing or
>failing signature is to be interpreted, especially since DKIM can fail for
>lots of otherwise legitimate reasons, for example.

You are right that it says nothing about how to interpret a passing signature, but the RFC is quite clear that an invalid signature is the same as no signature.

>> From my understanding it seems ARC will pass as long as the chain's
>> integrity isn’t compromised *not* because of bad values in a header like
>> this correct?
>>
>
>That's the primary purpose of ARC as I understand it. It's meant to
>capture the authentication results of the message when it makes its first
>hop (e.g., to an MLM), and then preserve that result onward. It doesn't
>care much what the result was.

Quite right. In practice, the most likely use of ARC that I've seen is that if you get a valid ARC chain from a credible system (in the sense that you believe its ARC chains are real), if the original seal says the message was DMARC aligned, you act as though the current modified message is aligned, too. I don't know if anyone actually does that -- we seem to be in an endless testing and data gathering phase.

R's,
John
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
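
The receiver-side use of ARC described in the message above, sketched as an added example (not code from this thread or from any ARC implementation). Assumptions: cryptographic chain validation is done by a separate verifier and passed in as `chain_validates`; `trusted_sealers` is a hypothetical local list of credible sealers, and requiring every sealer in the chain to be on it is a conservative choice made here; the sample message is constructed.

```python
import re
from email import message_from_string

# Constructed sample: a mailing list (lists.example.net) sealed the message at hop 1.
SAMPLE = """\
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=lists.example.net; s=arc1; t=1; b=CONSTRUCTED
ARC-Message-Signature: i=1; a=rsa-sha256; d=lists.example.net; s=arc1;
 h=from:subject; bh=CONSTRUCTED; b=CONSTRUCTED
ARC-Authentication-Results: i=1; lists.example.net; dkim=pass header.d=example.com;
 dmarc=pass header.from=example.com
From: Alice <alice@example.com>
Subject: [list] hello

body modified by the list
"""

def _tags(value):
    """Parse a 'tag=value; tag=value' header body into a dict."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def treat_as_aligned(raw, chain_validates, trusted_sealers):
    """True when local policy may treat the modified message as DMARC aligned."""
    if not chain_validates:
        return False  # a chain that fails validation is simply ignored
    msg = message_from_string(raw)
    seals = [_tags(v) for v in msg.get_all("ARC-Seal", [])]
    aars = msg.get_all("ARC-Authentication-Results", [])
    if not seals or len(seals) != len(aars):
        return False  # no ARC sets, or incomplete sets
    # "Credible system": every sealer (d= of each ARC-Seal) must be one we believe.
    if any(s.get("d", "").lower() not in trusted_sealers for s in seals):
        return False
    # "Original seal": the i=1 ARC-Authentication-Results carries the first-hop result.
    for aar in aars:
        m = re.match(r"\s*i\s*=\s*(\d+)\s*;(.*)", aar, re.S)
        if m and m.group(1) == "1":
            return re.search(r"(?:^|;)\s*dmarc\s*=\s*pass\b", m.group(2), re.I) is not None
    return False

if __name__ == "__main__":
    print(treat_as_aligned(SAMPLE, True, {"lists.example.net"}))
```

A valid chain whose first hop recorded `dmarc=fail`, or whose sealer is not on the local list, leaves the normal DMARC evaluation of the modified message unchanged.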
