Hector, does your proposal allow for constrained delegation? I think we
have a problem if this type of third-party signing allows any account at
the list domain to impersonate any account in any participating domain.
DF
On Sat, Apr 8, 2023, 2:01 PM Hector Santos wrote:
> Summary:
>
> I would
Hector, here is my take on the DSAP proposal. I am not sold.
DSAP notable features
1) DSAP policy can be used to identify and block non-mail subdomains of
registered domains.
This might be useful when mail-sending domains use p=(none|quarantine).
The equivalent result can achieved with DMARC
Summary:
I would like to reintroduce the DSAP (DKIM Sender Authorization Protocol) as a
DMARC extended tag extension -dsap. The original DSAP draft covered nine 1st vs
3rd party signature policies from a verifier viewpoint, which addressed
boundary conditions for DKIM signatures. The
