On 6/17/2022 6:17 AM, Paulo Pinto via mailop wrote:
tldr; what ARC tries to address is already correctly handled by
DKIM/SPF/DMARC if used as designed.
None of those provide an authenticated handling record in the message.
ARC is motivated by the cases where DKIM/SPF/DMARC information about the
author/originator get broken.
With ARC, besides a authenticated handling sequence, there is
information about those original authentication tidbits that got broken,
when the site providing the tidbits says how its own evaluation went.
The challenge to the receiving site, then, is to decide whether to
believe that evaluating intermediary site (as well as then deciding on
an evaluation or the originating site.
d/
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
