> Members of the DMARC group have submitted two drafts
> draft-andersen-arc-00 and draft-jones-arc-usage-00 which describe a
> mutation of DKIM intended to let mailing lists coexist with DMARC
> without having to do ugly hacks like rewriting the From: line. I have
> reason to believe that several large mail systems intend to implement
> this reasonably soon.
Can you at least summarize where the drafts are in the process, and if they
require changes to senders, mailing lists, receivers, or all of the above?
ARC adds some new trace headers that provide a signed chain of custody.
If you're already doing DKIM signing or verification, it should be
straightforward to use upgraded DKIM libraries to apply them. Receivers
look at the ARC headers to decide when to accept a message despite DMARC
failure. As I said, big mail systems plan to do this. There aren't any
mailing list changes other than adding ARC headers which would be
invisible to users.
Are the proposals (which I guess are not yet adopted) complementary, or will
a beauty contest be required?
The work is outside the IETF, no beauty contest.
I think that ietf(_at_)ietf(_dot_)org needs to know if we'll have a solution in
time,
or if the secretariat needs to be asked to deploy mailman 3 sooner.
I'd be pretty surprised if Gmail started publishing a DMARC policy before
lists were able to deploy ARC.
Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.