ARC (Authenticated Received Chain)

[alancunn]

So I don't know whether this is best here or in the feature requests, but I would be keen to see an implementation of ARC http://arc-spec.org/ built into hMailServer or available as a plugin soon.

I know that there is an OpenARC library, but I wouldn't know where to start with implementing it.

Of course, I appreciate that ARC is technically still in draft form, but it has now been implemented by Google, so others will follow suit soon.

I have come to have an interest in this, after fighting for many hours to work out why e-mails weren't being received by the recipient when my server was the intermediary (As is common, and recognised, for mailing lists). In this instance I didn't want to completely re-write the message (new from / dkim / reply to etc), but some (possible) fault in hMailServer's scripting oMessage.addHeader / oMessage.Save was removing a CRLF from the boundary lines and changing it to a space in the body. This was breaking the DKIM bodyhash, therefore the DMARC which was set to reject

Increasingly, the large MX (Google, Yahoo, Hotmail) are implementing strict DKIM, SPF and DMARC policies. Without SRS (Sender Rewriting Scheme) and ARC, we will soon be completely unable to forward messages. We will only be able to send messages out from our servers and receive them in. Obviously, real life is a little more varied, and ARC is the acknowledgment of that. I think that ARC will therefore be needed if we are to continue to be able to forward messages...

Would appreciate others' more enlightened thoughts on this!

[Lee Thompson]

I'd like to see DMARC added to hMailServer as well (https://dmarc.org/ for info for the dev team).

[alancunn]

I'd like to see DMARC added to hMailServer as well (https://dmarc.org/ for info for the dev team).

Hi Lee,

Thanks for the comment. I think that DMARC would almost certainly need to be implemented as part of ARC and SRS. However, I may be wrong, so definitely worth clarifying.

[mattg]

I have DMARC records for my domains, but hMailserver doesn't do anything with DMARC information.

I'm guessing that what you'd like to see is DMARC being used for SPAM scoring incoming mail directly within hMailserver, or perhaps some DMARC reporting

There is also checking CAA records and DANE encryption for spam Scoring purposes
I'd also like to be able to use DNSSEC and DNSCrypt, but until the world uses certificates that can be verified correctly, and repudiated instantly, neither of these mean much.

Here is a thread started by Martin about plans for the future >> viewtopic.php?f=2&t=27191
(In saying that, Martin isn't about much anymore except for security updates. I've been using RvdH's builds for a while now >> viewtopic.php?f=10&t=30193&start=60#p203420 which are built on top of the current releases - got to love Github)