Re: [dmarc-ietf] ARC questions

"Murray S. Kucherawy" <> Wed, 25 November 2020 04:19 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2E8D23A0EAA for <>; Tue, 24 Nov 2020 20:19:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.199
X-Spam-Status: No, score=-0.199 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XEFlivB2vQQ1 for <>; Tue, 24 Nov 2020 20:19:22 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::a36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id AC6F33A0EA7 for <>; Tue, 24 Nov 2020 20:19:22 -0800 (PST)
Received: by with SMTP id a186so200974vkh.9 for <>; Tue, 24 Nov 2020 20:19:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qGg97YOFinO14irRxey1WnGpVdP7cqEfd/nS0adFXoY=; b=aXBsxojmLQ5PdKFpTflh+TZaMrWm1NEGYaioMoErFvieiGXn0tKuWX7mAMu2C3FiWG XqTPBTwBscI3zSEF/TrpSumDCjFB629g/Oz+Va7DgUWJZXd0W0qxQcecwcYJBf0QvDUS bMAqgnDY75uFYKm+WtCCl0PPE0BlmgEXZlQfv1l8EB1qUmLyTuFoPYIP91R70bufUQ17 MdK0SG98WvNPSWg+tPfiT4VEpEdJQmurYplovxuylu8JKGZ8PsvQJ5e2gnb/dQoL6q+P 5UhfFlyNMQcCFtUQhOzxOXl5hYeDizO2zvcoClOjNihF0q5ymh9Gm53COugy40670Ve1 pZIA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qGg97YOFinO14irRxey1WnGpVdP7cqEfd/nS0adFXoY=; b=lzRVFbib/Ka1l6m4T+OkMY8YIRLvV28bV/CQOew3zRT7kQc4Ml64ivJSWyuejPrlFc M/CsuZdiCRK/3xtDXifAWcOogt5OidRFSeYqzG2NZm/CKXYFKhWWh28dQHVA3u0nsgC7 /3uxP7o0HNwM/saQ73NdRmMN0C5pweu7FtVcJdg/NexbF09AFDMZzbjh0ZCLXUo/nkf8 bQENT94NrZR7aFT46LNKmDFTRQ+jCtQY/+OghgsdS77DZlHsGd+Avp18Mma/2g0rFZou mnfGZmpNtlIbBT0Bzhjy2T7/6NWmFdh30qmTt9gIi/1A4LUYLgq4JYvttSuZI+cFjbGh 3+Cw==
X-Gm-Message-State: AOAM531i9L5nwn/7mT90kMKvK0jfgNAfC5vLeofGgNdDHuJmmc2y5PaZ osDFBZ2debCXKEF0UUi6NmOiG0j2ryJ9AsUaOag=
X-Google-Smtp-Source: ABdhPJxEhqX72RQdLY48RTImi4fGN0eC6tAXke5w2wGIgUSZGvdamR+jEznv2r6KVndVIppH0/OCxaAgVT5oTtbNz7M=
X-Received: by 2002:a1f:36c1:: with SMTP id d184mr957524vka.13.1606277961488; Tue, 24 Nov 2020 20:19:21 -0800 (PST)
MIME-Version: 1.0
References: <20201124020453.AFDC027CE5C8@ary.qy> <> <> <> <>
In-Reply-To: <>
From: "Murray S. Kucherawy" <>
Date: Tue, 24 Nov 2020 20:19:08 -0800
Message-ID: <>
To: Douglas Foster <>
Cc: Michael Thomas <>, IETF DMARC WG <>
Content-Type: multipart/alternative; boundary="0000000000004e1b7d05b4e6bb94"
Archived-At: <>
Subject: Re: [dmarc-ietf] ARC questions
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 25 Nov 2020 04:19:24 -0000

On Tue, Nov 24, 2020 at 7:27 PM Douglas Foster <> wrote:

> Michael, I think the purpose is stated well enough:   Mailing lists want
> to keep adding their content to messages, without being blocked by
> recipients.   This means that they have to provide recipients with enough
> information for them to accept the forwarded content.   Google and
> Microsoft seem to be on-board with this project, so it seems pretty
> successful already.   This train is not easily stopped.

That sounds about right.  Put another way: DMARC's success is at least in
part stymied by what MLMs do that invalidates DKIM; ARC is an attempt to
carry forward from the MLM, in a credible way, an indication of what the
MLM saw in terms of DKIM results when the message got to the MLM.  So then,
although an author signature will fail post-MLM, the MLM signature will
pass, and the ARC data will tell you that the author signature was good
when the MLM got it.  If you trust the chain, then that can be an
alternative to the DKIM input when the final recipient performs a DMARC

Sections 1 and 7.2.1 of RFC 8617 do say all of this, though perhaps not as
concretely as one might like.

In my opinion, ARC does leave a lot of unanswered questions about how you
> use the data that ARC provides.   Again, the big organizations have the
> brain power at their disposal to figure that out for themselves, later.

This is why it was published as Experimental.  Its efficacy is not (yet)
known, nor are any side effects.  Although, now that you have me thinking
about it: It's been a year; have we any meaningful data about this yet?

It seems like a lot of software logic to create an ARC set, even more code
> to parse it, and even more code to use it intelligently.   This is a big
> problem if you are trying to write the code yourself, but a small problem
> if you have a big programming organization.

When I implemented it, there was a great deal of processing logic that was
recycled from DKIM.  That was advantageous.  But I agree, someone
implementing ARC with no context at all could easily find it a challenge to
get it to interoperate.