> On 29 Jul 2020, at 13:46, Todd Herr <todd.herr=40valimail....@dmarc.ietf.org> > wrote: > > > > On Wed, Jul 29, 2020 at 6:55 AM Laura Atkins <la...@wordtothewise.com > <mailto:la...@wordtothewise.com>> wrote: > > I’m not sure why deliverability people are even mentioned here. The problems > with DMARC primarily affect one-to-one or one-to-few mails, not bulk mails. > The breakage DMARC causes doesn’t really affect marketing, newsletters or > anything else sent through automated systems. I mean, yeah, some folks aren’t > going to get their bulk mails because of DMARC failures but mail fails all > the times for lots of different reasons. > > Perhaps Autumn's use case and its mention of a bank that can't do DKIM > signing lead me down a path that may never be followed.
I don’t think the bank is sending mail that isn’t DKIM signed, I think DKIM signatures have the same inherent alignment failure of SPF - where the admin assistant sends out a MTA for their business unit/domain but uses the From: address of an executive of a different business unit. That MTA signs for the domain it is supposed to sign for. Possible my assumption was incorrect. > Where my mind went was to a place where an ESP was employed by a brand to > send mail, either bulk or transactional (or both), and such mail was sent > with the ESP domain as the domain in the "Sender:" field and the brand's > domain as the domain in the "From:" field (or vice versa), with each domain > publishing DMARC records. In such a scenario, it's possible that conflicting > DMARC validation results could occur, leading to the concern over how such > things might be handled. There will possibly be places where folks will choose to use Sender for ESPs, but most ESPs are currently willing and able to provide alignment for their customers. I can’t really see the ESP wanting to step into the sender role here particularly when their customers are already aligned. I can also envision a situation where the ESP doesn’t want to be the sender because that may impact their legal liability and responsibilities. Longer term, though, this could actually be really beneficial for companies who are using ESPs but can’t, for whatever reason, align their mail at the ESP. The ESP can step in as “sender” (where sender is customername@espalignmentdomain.example) and have that DMARC align. Right now it’s not an issue as there is no delivery hit for sending mail without a DMARC policy statement. But, if we ever get to the point where p=quarantine or p=reject is required for delivery, the ESP can handle that for their customers using the Sender: header. On the other hand, this would solve the problem where so many small business owners and ad hoc groups got shut out of using ESPs when Yahoo! sprung p=reject on the world. The ESP could use the Sender: field and it doesn’t matter that the mail wouldn’t align with Yahoo. I do remember hearing at one point some of the big commercial groups were including ESP outbounds in their SPF records to compensate, so this would be less overhead. Need to think about that a little bit because I can see some potential attack vectors. > If this is not a possible use case for these header fields, then please > accept my apologies for bringing deliverability into the discussion. I hadn’t thought about this for ESP mediated mail. But you have made me think a little harder about it. laura -- Having an Email Crisis? We can help! 800 823-9674 Laura Atkins Word to the Wise la...@wordtothewise.com (650) 437-0741 Email Delivery Blog: https://wordtothewise.com/blog
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
