[dmarc-ietf] ARC vs reject

Michael Thomas <mike@mtcc.com> Sat, 05 December 2020 19:50 UTC

Return-Path: <mike@fresheez.com>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C11CF3A0C3F for <dmarc@ietfa.amsl.com>; Sat, 5 Dec 2020 11:50:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.651
X-Spam-Level:
X-Spam-Status: No, score=-1.651 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=mtcc-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WvkonDY9GN9f for <dmarc@ietfa.amsl.com>; Sat, 5 Dec 2020 11:50:12 -0800 (PST)
Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com [IPv6:2607:f8b0:4864:20::436]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A90A63A0C37 for <dmarc@ietf.org>; Sat, 5 Dec 2020 11:50:12 -0800 (PST)
Received: by mail-pf1-x436.google.com with SMTP id w6so6218317pfu.1 for <dmarc@ietf.org>; Sat, 05 Dec 2020 11:50:12 -0800 (PST)
X-Received: by 2002:a63:5754:: with SMTP id h20mr12272975pgm.378.1607197811228; Sat, 05 Dec 2020 11:50:11 -0800 (PST)
Received: from mike-mac.lan (107-182-42-33.volcanocom.com. [107.182.42.33]) by smtp.gmail.com with ESMTPSA id u1sm5786376pjn.40.2020.12.05.11.50.09 for <dmarc@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 05 Dec 2020 11:50:10 -0800 (PST)
To: "dmarc@ietf.org" <dmarc@ietf.org>
From: Michael Thomas <mike@mtcc.com>
Message-ID: <4f2d2e0e-c773-95df-0958-12344e963b7a@mtcc.com>
Date: Sat, 5 Dec 2020 11:50:09 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.5.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/Ue6rXtShAxl9B-wFGhe7f1U2Ciw>
Subject: [dmarc-ietf] ARC vs reject
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Dec 2020 19:50:14 -0000

As I understand ARC, it is a means of transporting the original auth-res 
to the destination in case the origin signature is broken by an 
intermediary. From there the destination can decide one way or the other 
to override the DMARC policy of, say, reject. There are, however, use 
cases where that is exactly wrong and in no case does the originating 
domain want such an override to happen. Consider my bank sending me 
transactional email. If somehow somebody managed to get that mail 
through a mailing list and arc-resigned it, my bank does *not* want that 
mail to be delivered regardless of the reputation of the mailing list 
because something weird and wrong is happening on its face.

Mike
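
The receiver-side decision discussed in the message above, as an added example that is not part of the original post: a DMARC failure may be overridden on the strength of a trusted ARC chain, unless the From domain is on a local never-override list. The `never_override` list, the `decide` function, the sample domains and the message are all constructed for illustration; the sketch assumes the From domain publishes p=reject and that the receiver's own verifier has already validated the ARC chain and recorded `arc=` in its Authentication-Results.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: bank mail relayed through a list that ARC-sealed it.
SAMPLE = """\
Authentication-Results: mx.receiver.example; dmarc=fail header.from=bank.example; arc=pass
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=lists.example; s=sel1; b=PLACEHOLDER
ARC-Authentication-Results: i=1; lists.example; dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: Alerts <alerts@bank.example>
Subject: [list] Your statement

body
"""

def result(value, method):
    """Result token for `method=` in an Authentication-Results style value."""
    m = re.search(r"(?:^|;)\s*%s=(\w+)" % re.escape(method), value or "")
    return m.group(1).lower() if m else "none"

def tag(value, name):
    """Value of a top-level `name=` tag (does not match `header.d=` for `d`)."""
    m = re.search(r"(?:^|;)\s*%s=([^;\s]+)" % re.escape(name), value or "")
    return m.group(1).lower() if m else None

def decide(raw, trusted_sealers, never_override, authserv_id="mx.receiver.example"):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    # Trust only the Authentication-Results stamped by our own verifier.
    local = next((v for v in msg.get_all("Authentication-Results", [])
                  if v.split(";")[0].strip() == authserv_id), "")
    if result(local, "dmarc") == "pass":
        return "deliver"
    # DMARC failed; assumption: the From domain publishes p=reject.
    if from_domain in never_override:
        return "reject"  # local policy: no ARC override for this domain
    sealers = {tag(v, "d") for v in msg.get_all("ARC-Seal", [])}
    first_hop = [v for v in msg.get_all("ARC-Authentication-Results", [])
                 if tag(v, "i") == "1"]
    if (result(local, "arc") == "pass" and sealers and sealers <= trusted_sealers
            and first_hop and result(first_hop[0], "dmarc") == "pass"):
        return "deliver-arc-override"
    return "reject"
```
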