----- Original Message -----
> From: "Joseph Humphreys" <jhumphr...@salesforce.com>
> To: dmarc@ietf.org
> Sent: Monday, April 21, 2014 9:01:16 AM
> Subject: Re: [dmarc-ietf] alignment and parsing logic as optionals
> 
> On Fri, Apr 18, 2014 at 2:00 PM, Franck Martin <fra...@peachymango.org>
> wrote:
> >
> >> If you are willing to accept additional DNS lookups, you actually
> >> could use this to alleviate the mailing list problem, just by adding
> >> an include syntax for aligned domain lists. That would create a
> >> mechanism for people to make public, curated MLM whitelists. I
> >> hesitate to bring that up because I imagine some people won't like the
> >> idea of more DNS lookups, and I don't want the entire idea to get shot
> >> down by association.
> >>
> >
> > Not delving into the details, but I may be off base...
> >
> > It seems this solution is akin to having to add to your SPF record the whole
> > of Google cloud or Salesforce cloud, with a "trust us" we don't allow any
> > of our other members to send email on your behalf on any of our
> > applications...
> 
> Yes, it is, unless the sender sets aside a more SPF-restricted domain
> to use for sending customers' mail. In fact it is very similar to
> including another organization's SPF record in your own, which does
> not seem uncommon. That doesn't seem to me like a shocking level of
> trust.

Yes indeed, but then, the recent breaches show too much trust has been 
sprinkled all around. Many ESPs will provide you with dedicated IPs for your 
sends, this allows you to control your deliverability, the email security, 
etc... They come at a price, but you have what you pay for.

> 
> >
> > https://dmarcian.com/spf-survey/google.com 212,996 authorized individual
> > IPv4 addresses
> > https://dmarcian.com/spf-survey/salesforce.com 228,934 authorized
> > individual IPv4 addresses
> >
> > I prefer that 3rd parties relay our mail through our servers.
> 
> That is eminently reasonable, considering that your organization sends
> email as part of its core business, and is well prepared to take on
> that responsibility. Obviously, there are a lot of organizations out
> there who are not in that position.
> 
> So I think the question is, does adding an "aligned domains list"
> feature encourage policies that are inherently unsafe? I would argue
> that authorizing a service provider to send for you on all of their
> IPs is not substantially different from authorizing them on one IP.
> Once you've authorized someone to send mail on your behalf at all, you
> are essentially trusting them to do it safely.
> 

I wish this were that simple; more often than not, you are pushed into an 
agreement and can only negotiate mitigating factors so as to lower the risk.

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
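
As an added illustration (not part of the original thread or any poster's code), this Python sketch expands an SPF record's include: chain and counts the IPv4 addresses it ends up authorizing, the kind of figure quoted above from the SPF surveys. The domains and records in ZONE are constructed, and the lookup is an in-memory dict rather than live DNS.

```python
import ipaddress
import re

# Constructed TXT records for hypothetical domains (documentation address ranges).
ZONE = {
    "brand.example": "v=spf1 ip4:192.0.2.10 include:_spf.esp.example -all",
    "_spf.esp.example": "v=spf1 ip4:198.51.100.0/24 include:_pool.esp.example ~all",
    "_pool.esp.example": "v=spf1 ip4:203.0.113.0/25 ip4:203.0.113.64/26 -all",
}
MAX_LOOKUPS = 10  # RFC 7208 limit on DNS-querying terms per SPF evaluation
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def authorized_ipv4(domain, zone=ZONE):
    """Upper bound on IPv4 addresses that can get an SPF pass for `domain`.

    Returns (collapsed networks, address count, DNS-querying terms seen).
    Term ordering is ignored, so an earlier "-ip4:" carve-out is not subtracted;
    a/mx/ptr/exists/redirect terms are counted as lookups but not expanded.
    """
    networks, seen, lookups = [], set(), 0

    def walk(name):
        nonlocal lookups
        record = zone.get(name, "")
        if name in seen or not record.lower().startswith("v=spf1"):
            return
        seen.add(name)  # guards against include loops
        for term in record.split()[1:]:
            qualifier, body = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
            kind = re.split(r"[:/=]", body)[0].lower()
            if kind in LOOKUP_TERMS:
                lookups += 1
            if qualifier != "+":  # only "pass" terms authorize a sender
                continue
            if kind == "ip4":
                networks.append(ipaddress.ip_network(body[4:], strict=False))
            elif kind == "all":  # "+all" authorizes every address
                networks.append(ipaddress.ip_network("0.0.0.0/0"))
            elif kind == "include":
                walk(body.split(":", 1)[1])

    walk(domain)
    merged = list(ipaddress.collapse_addresses(networks))
    return merged, sum(n.num_addresses for n in merged), lookups


if __name__ == "__main__":
    nets, total, used = authorized_ipv4("brand.example")
    print(f"{total} IPv4 addresses in {len(nets)} networks, {used}/{MAX_LOOKUPS} lookups")
```

Comparing the count for a record that includes a provider's shared pool against one that lists only dedicated addresses makes the difference in delegated trust concrete.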
