I've been looking at examples. I'm not sure how to solve the problem of recipient perception of the subdomain. we have been so effective at convincing people that email addresses that look different from what you are expecting are a phishing attack and they should simply delete it that they do not respond to our subdomain emails but still fall for real pishing. yes, the irony is not lost on me.
Take a look at some of stuff you get from big brands. People don't seem to find off...@email.bigcorp.com very different from off...@bigcorp.com. These days most MUAs don't even show the address, just the From: header comment.
another issue with subdomains is the return address. maybe a customer can alias one domain on top of another but that also triggers suspicion on the part of the recipient. not sure how to handle that one.
Same answer. Suspicion? Of an address they don't even see?
DKIM selectors are for key management, ...
Maybe the "misunderstanding" speaks to a common conceptual model for outsiders?
I believe it is more due to not reading the documentation.
what are the implications of generalizing selectors to identifying different streams?
You have something that is not DKIM. See RFC 6376, particularly section 3.
You've already got the answer -- if you want the streams all to use the same domain, whoever manages the domain has to manage the DNS records, and if you want DMARC reports, arrange for someone to receive the reports and process them however is useful, which might include segmenting them by characteristics known to the domain manager. If the domain manager cannot or will not do that, use subdomains or different domain names.
R's, John _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
