1. ARC not provide a way to send bounce to sender when rcpt behind srs can't accept email due to x reasons. SRS needed when you doing forwarding service.

2. ARC not used on practice to trust email without DKIM and failed SPF, if you not rewrite envelope on forwarding mentioned rspamd will potentially reject you or at least give noticeable more score, so your statement is false.

3. ARC validation in general in SMTP is not for that cases. It will not solve case with failed SPF without DKIM even if email would be ARC signed. F.e. I can write that I'm envel...@somesender.com, put by myself Recieved header like it was received by IP that by SPF of somesender.com is allowed, and sign email with ARC, is this would mean it's was really sent by somesender.com? No. It can be trusted? No.

JFYI I not say to not use ARC, I just say ARC is not a solution for this sort of task.

Regards,
Dmytro Alieksieiev
DevOps Engineer

On 18/04/2025 13:34, Benny Pedersen via Postfix-users wrote:
Dmytro Alieksieiev skrev den 2025-04-18 13:25:
Hi Benn, you want propose any better alternatives for a forwarding to
not break SPF and have ability properly send emails without DKIM?

the forwarding host have there own spf record, so fix this, its teknical not possible to have borh envelope sender domains keeped aligned in dmarc, but the forwarding host envelope domain can still pass spf from the mta sending point, if one need more its time to setup rspamd on the forwarding server to do ARC-Seal, ARC-Sign, so trustness can be build up from the origin domain

see headers from my mail here, its perfect, thanks for finaly see sys4.de knows what thay do with rspamd now :=)

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to