[dmarc-ietf] Re: Review of draft-ietf-dmarc-arc-to-historic

"Murray S. Kucherawy" <superuser@gmail.com> Mon, 06 July 2026 19:33 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: dmarc@mail2.ietf.org
Delivered-To: dmarc@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 59F8A110D9270 for <dmarc@mail2.ietf.org>; Mon, 6 Jul 2026 12:33:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1783366409; bh=W3PU+AZxTpXRLvSAsRz1qYPsq9UzQIKcusNMWvXkGrI=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=MEiA1olya2KyyfM1gMyIRtMDxSgbyk587J2KvPtuoDVndsTR0ON6EE1hsrlkkoZ0v Pwb7nxgSHUP5UeDZq7m1AYP1xAnN7cWPuTMVhY6JLh/luXDK/8SVAt6oXasrDUyRkY Za/4HCegyCZYteztJNiByHziGncDtqcdR3QZ63F8=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.088
X-Spam-Level:
X-Spam-Status: No, score=-2.088 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id awfOnTLIGaGT for <dmarc@mail2.ietf.org>; Mon, 6 Jul 2026 12:33:28 -0700 (PDT)
Received: from mail-lf1-x134.google.com (mail-lf1-x134.google.com [IPv6:2a00:1450:4864:20::134]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id AAD5E110CE9D3 for <dmarc@ietf.org>; Mon, 6 Jul 2026 12:07:43 -0700 (PDT)
Received: by mail-lf1-x134.google.com with SMTP id 2adb3069b0e04-5aec6360133so2491313e87.1 for <dmarc@ietf.org>; Mon, 06 Jul 2026 12:07:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1783364862; cv=none; d=google.com; s=arc-20260327; b=MSo7olIO1RnosO2QRPiyUtt72disgmKV8Voz4g663LiXJPJ0lwpB/mgUhJlOatENOU LF9LAMF1289N79q+fHirtzYQUbRGwSdrqo4hJhENj/qmXBDPYaQ3grAl7t2pXn+eu++g pnjDos8CKs23WTgnJOhFaRo03pgbBoSOolHu8t3+Uwo4An+fmbPqlDsgTA9hOT5NLDfc aBUqR03zaiKvPlJ0m8RJuMCv5EZue5dlXekaNPogNUsfoqKzkxJVkt7Wrf4J/thV4eVU 0M1iKeQcR1vhnDlNezd1mm3j0QMgmQrMngYd2+ckWwI240Fwt33R/2ne8u3oDUqqnm6y HGnA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=sI9mEITlSxNm1/HBjxfV31s1yHaF/gh5yPrFI2/IKRA=; fh=FUQHgZrvHDwFfIenxyRaouDoMZ4J6B9nxY7zFHht6RU=; b=Nai2/cXt239ca932Fijf8Obq7ZtVymLE9lcqYdvXqh9ELlQt1bTlOuFBn5j3H/s0eJ ZbwKlCqjF19JasQ3p3D/Rt49tJJtiqlAdvh9kwkidWYa8SshyasKgDTedevQIyuQd4DO taFjIfryV73lQFVEDGZCEtwAbYDwEfXeuX37CKj0/sEnc8p3h2OeM30O+CWMPjvDjMVz KeW6mPTQyPEvRxK4ATVAhlkTKXJ3Vw3TjA+/PDfTjacSdcGQUK10WPN66XNrCzns/M77 uLbRqJ3ZhCG9HwCU51ZI6JsSgFOa4fIinWyUrZZKJclZgzcgoIkHDmdzSDMSL2Emg6Xn 7cHA==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1783364862; x=1783969662; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=sI9mEITlSxNm1/HBjxfV31s1yHaF/gh5yPrFI2/IKRA=; b=Rl4p8r795CzbAQIO8v5/cDyKCPLcevCef4M0r3mDFzUsQJLhwBn6Ap1ZmnvDYDz6Xv dx87O1imHnjThGMQrJfDR3pSPoyjPPSyYGW/C9eVkuvvbvMvaGdvpOxfU3hbeP2P4GEf 413q1BaowfyWR96fy6R9JHG+mENJOVjcHoNBmL1qvc9W4nSXFljdvgl5vwcyeZT/xKea 1SSNrZD/bPdD9nXmvujNS1gSVTFbTm7oPu5qydDCT2MW9KGAXR+zQrsk3Kav5tEopJmD druaqqV1//DahriBHoq4Dz6zdyws4V7s/f+s6PIUiCkoAAExG5utO8++hlrCCcnI648O Vy1A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783364862; x=1783969662; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=sI9mEITlSxNm1/HBjxfV31s1yHaF/gh5yPrFI2/IKRA=; b=IY6uKCRhT2s8cu/zGV8+n5PyuBUVVTfqxl9U6REUbV8M6TeOOkxXgasGxh+880EXhG n/oWrlUU7QLvn9LYZq1kR50tGnsPg4JcZtvuAMUQN6sGUnz+bKmDNqkPEvXNwyJkgwAP 5NO8p+WrGjaFhHyeWCpBLdgUPJQeuGOEXVGpMjXxE7G444fNG/zrxVGCE4VOgayk1QnU rpZZUOs8H6eEG+JxiQYPXca28FfEfgv+ZFbVO4adPx22+cqsV2GruvWEEBN+lUfmkGzj H/rfyn1YPH9WTzjWgHLmMJy71YeONFK62X+yuVuWk4wDAI5HjcToH7EEZwa+bf5CCqQw J2wQ==
X-Gm-Message-State: AOJu0YzpZc81byYnXxvnjTRuhZ2GtJpLKeZgTEvyu6WgrvhZDERd91dU QDBrorJYv6tR+v5bnK41IDeDMWXk65SuQlmwcZ/gDycAIr0+wsFsDqzieWat0Hjq1nk4BvwlL+S lLypnQYa+6JxlkQnIwVSGFJ2/1NFs8bA=
X-Gm-Gg: AfdE7cn9+R+B5pFZkIb0dMCJsi4mqyEHbbAGLrKdXWXfQfYbZTWeQnv50oKsFl5iyOm p53/ePd3Dznm5ZQsSBA1sF4zL61Uj3p3rZtHYUTJYygGcbptg0Y5OC6TDPSIBQoKDb0CYUctZmE SdKPgbMovoiei8UYe6gASdijq7EzbASJWrKx2egOWJ6rZkpRZdbWo3WcIVnFaUSSEY+W3uAaRwC c0aasaAmWorrXZKlW91yLu4LXPWaZhFaSXV6CJJMWbG3qCeIpbeVzoMAP0hnBAR7F5rzfsbAHyS QY54LIRA5wEzHusB7cCElbAsCEFHNOPs8e9mppfwliEcQ4wDdA8WhCA=
X-Received: by 2002:a05:6512:3da0:b0:5ad:5800:1b84 with SMTP id 2adb3069b0e04-5b007b6ea03mr358499e87.4.1783364862063; Mon, 06 Jul 2026 12:07:42 -0700 (PDT)
MIME-Version: 1.0
References: <27205.4140.707940.589907@fireball.acr.fi> <CAL0qLwYRBCs8hg=EZ-dg1VXFgQA7q6+X5kpqWz_AkpgwSG3WmA@mail.gmail.com> <27206.31399.682572.492683@fireball.acr.fi>
In-Reply-To: <27206.31399.682572.492683@fireball.acr.fi>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Mon, 06 Jul 2026 12:07:28 -0700
X-Gm-Features: AVVi8CchFJJEmne9DiS2v9foNx--4Z_tRjbPU9p2yqE89VZaDQgV_ZxAJPCLlu8
Message-ID: <CAL0qLwZqgTC5jhx+xxfPh6_0MKWNf6G-hs62a=wqp7=chR_3Vg@mail.gmail.com>
To: Tero Kivinen <kivinen@iki.fi>
Content-Type: multipart/alternative; boundary="0000000000001bb9080655f5fda1"
Message-ID-Hash: YH3ER5FANNVD3DMGPFF7TWU54HJYLRBI
X-Message-ID-Hash: YH3ER5FANNVD3DMGPFF7TWU54HJYLRBI
X-MailFrom: superuser@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dmarc.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: dmarc@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [dmarc-ietf] Re: Review of draft-ietf-dmarc-arc-to-historic
List-Id: "Domain-based Message Authentication, Reporting, and Compliance (DMARC)" <dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/UABbYzlibYoSrcJUInI-M_p8tFM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Owner: <mailto:dmarc-owner@ietf.org>
List-Post: <mailto:dmarc@ietf.org>
List-Subscribe: <mailto:dmarc-join@ietf.org>
List-Unsubscribe: <mailto:dmarc-leave@ietf.org>

On Thu, Jul 2, 2026 at 7:50 AM Tero Kivinen <kivinen@iki.fi> wrote:

> > I think we need to consider whether the success criteria were met
> > generally.  I would argue that an existence proof, while
> > interesting, is probably not sufficient to establish consensus that
> > the experiment was broadly successful.
>
> So you say it is fine to change the goals of the experiment to make
> sure we can mark it as failed, as some big players do not want to
> continue using it.


I don't think I'm changing anything.  I think there are two questions to be
answered.  One was laid out in the success criteria in the RFC: Does this
technology yield the results we were looking for?  The answer to this seems
mixed: some large operators say "no", while some small operators say
"yes".  The other, I would argue, is implied for any experiment that's run
this long: Does the community at large find this useful enough to deploy
it?  The answer to this appears to be "no".  If, on the contrary, the
community had found value in it, vendors of all sizes would have broadly
deployed it by now, and we wouldn't be having this conversation.

> Put another way: You say it's valuable, but as I understand it,
> > operators handling enormous mail volumes across the broadest
> > cross-sections of the Internet have found that it's not.
>
> Yes, they are no the target audience for the ARC.


RFC 8617 didn't include an audience constraint.


> Note, that none of those big players have even implemented per user
> trusted forwarders list that would make ARC useful for validation
> purposes.
>

This supports the complexity argument.  And RFC 8617 didn't advise anyone
that they needed to build per user trusted forwarder lists.

Perhaps ARC by itself isn't enough; implementing several other things is
required for it to be helpful, which is enough to dissuade people from
using it.

Checking snapshot my logs in iki.fi from yesterday, and there was 8973
> arc=pass results, 666 arc=reject results out of 149538 emails my
> random snapshot included. That is about 6% of emails passed through
> had ARC headers that passed.
>
> Whether 6% is good results from this random sample I do not know, but
> it is not that low either.
>

How many distinct domains does that represent?


> Note, that there are lots of places who do NOT want to participate in
> experiments, thus they do not want to use anything that is marked as
> experemental and the participation might be different if this was
> actual standard not experimental RFC.
>

On the flipside, Trent has stated that they're being pressured to implement
ARC because ARC has an RFC, irrespective of its status.


> That is not really an experiment, that is deployment. In experiment we
> see whether this is useful, and then when we found out that it is
> useful, we can start deploying it and then we should be seeing how
> many people actually start using it.
>

The experiment has run for seven years.  What do you propose as a next
step?  Standardize it?  Maybe I'm wrong but to me there doesn't appear to
be momentum for going any further, and I'm not sure a status change to
Proposed Standard will make a difference.


> DKIM2 is going to be much more complex, so if ARC failed because it
> was too complex. One way did cause much more complexity was because it
> required forwarding MTAs to start actually checking SPF, DKIM, and
> DMARC. Before ARC they could simply pass everything through without
> modifications can assume that end MTA will sort things out (except for
> SPF, which would fail anyways, but that is different thing).
>

DKIM2 appears, so far at least, to have the momentum needed to overcome
that complexity, and deliver signal that operators find useful.  ARC
doesn't appear to have developed that momentum.

What might change that?

-MSK