>Well, I see the suggestion as more than this.
>
>Say I outsource salary processing to a 3rd party. They would want to send mail
>from main.com - Subdomains are one way to fix this (give them
>salary.main.com ), but they would have to have keys /settings for all their
>customers (well, it could be the same one that all customers create CNAMEs
>to).
>
>But I instead created a DNS record like
>selector.3rdparty.com._domainkey.main.com or
>selector.3rdparty.com._domainkey.salary.main. ...

"This corner case configuration is inconvenient for me. Therefore everyone in the world should change the way they work to make my life easier."

If your customers don't trust you enough to give you DKIM keys (keeping in mind that one of the reasons it has selectors is so that you can give a selector to a third party and then cancel its key if they misbehave), or you use a mail server that makes it hard to sign for your customers, that is your problem, not anyone else's.

Many people have suggested various hacks for third party signing. Murray even implemented ATPS in the widely used opendkim library. Approximately nobody uses any of them, since they provide no value to mail receivers.

If it's important to you that your mail is signed so it passes DMARC, figure out how to sign it. If it's not important enough for you to do it, that's OK, but it's not important for us, either.

Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
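
Added example, not part of the original message or of any DKIM library: a Python sketch of the selector delegation and key cancellation described above, and of why a signature with the vendor's own d= does not help DMARC. The zone contents, selector names and key placeholder are constructed; the organizational-domain rule is a simplifying assumption, and no cryptographic verification is done.

```python
# Constructed sample zone for main.com; the key value is a placeholder, not a real key.
ZONE = {
    "payroll2024._domainkey.main.com": "v=DKIM1; k=rsa; p=PLACEHOLDERKEY",
    "oldvendor._domainkey.main.com": "v=DKIM1; k=rsa; p=",  # empty p= means revoked
}

def parse_tags(value):
    """Parse a 'tag=value; tag=value' list (DKIM-Signature value or key record)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def key_query_name(sig):
    """DNS name a receiver queries for the public key: <s>._domainkey.<d>."""
    return f"{sig['s']}._domainkey.{sig['d']}".lower()

def selector_status(sig, zone=ZONE):
    """'active', 'revoked' (record present, empty p=) or 'missing'."""
    record = zone.get(key_query_name(sig))
    if record is None:
        return "missing"
    return "active" if parse_tags(record).get("p") else "revoked"

def org_domain(domain):
    # Assumption: organizational domain = last two labels.
    # Real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dmarc_dkim_aligned(from_domain, sig, strict=False):
    """DMARC identifier alignment between the From: domain and the d= tag."""
    d = sig["d"].lower()
    if strict:
        return d == from_domain.lower()
    return org_domain(d) == org_domain(from_domain)

def evaluate(from_domain, dkim_signature_value, zone=ZONE):
    """Return (selector status, relaxed alignment) for one signature."""
    sig = parse_tags(dkim_signature_value)
    return selector_status(sig, zone), dmarc_dkim_aligned(from_domain, sig)
```

A vendor holding the `payroll2024` selector signs with d=main.com and aligns; publishing an empty p= for that selector cancels the vendor's key without touching any other selector.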