during domain parsing. Maintained by Mozilla,
the most current version can be downloaded
from a link at http://publicsuffix.org/list/.
+ See also util/renew-opendmarc-tlds.sh script.
Optional:
dmarc_history_file Defines the location of a file to log results
Signing
--
-arc_sign = <admd-identifier> : <selector> : <privkey>
+arc_sign = <admd-identifier> : <selector> : <privkey> [ : <options> ]
An option on the smtp transport, which constructs and prepends to the message
an ARC set of headers. The textually-first Authentication-Results: header
is used as a basis (you must have added one on entry to the ADMD).
Expanded as a whole; if unset, empty or forced-failure then no signing is done.
If it is set, all three elements must be non-empty.
+The fourth element is optional, and if present consists of a comma-separated list
+of options. The only option implemented so far is
+ timestamps Add a t= tag to the generated AMS and AS headers, with the
+ current time.
+
+[As of writing, gmail insist that a t= tag on the AS is mandatory]
+
Caveats:
* There must be an Authentication-Results header, presumably added by an ACL
while receiving the message, for the same ADMD, for arc_sign to succeed.
should try to stick to one ADMD, so pick a primary domain and use that for
AR headers and outbound signing.
+Signing is not compatible with cutthrough delivery; any (before expansion)
+value set for the option will result in cutthrough delivery not being
+used via the transport in question.
+
--------------------------------------------------------------