On 7/30/2020 6:39 AM, Jeremy Harris wrote:
> On 29/07/2020 18:34, Hector Santos wrote:
>> Look at my DMARC record for my isdg.net domain:
>>
>> v=DMARC1; p=reject; atps=y; rua=mailto:dmarc-...@isdg.net;
>> ruf=mailto:dmarc-...@isdg.net;
>>
>> The atps=y [...]
>>
>> So anyone out there can see that I authorized bayviewphysicians.com to
>> sign for isdg.net
>>
>> It is really [simple.]
>
> That works at a domain-controlled level. But people sign up for,
> and write to, mailing lists on an individual level. Mismatch.

Very true. The authoring domain will need to have a way to add ATPS
records defining who has explicit authorization to sign/resign on behalf
of the authorizing domain. This will immediately help resolve a
number of the scenarios for Authorized Third Party Signatures.

The individual user mailing list issue continues because of the use of
restrictive domains in a public arena where there are no controls.
There are two ways to deal with this:

1) Domain Organization policy. Does it allow its domain users to
freely use their corporate, company domains in a public professional
environment?

2) The MLM's support of DKIM+DMARC+ATPS will restrict domains that
it cannot resign.

The MLM needs to be updated to support restrictive DKIM Policy domains.

--
Hector Santos,
https://secure.santronics.com
https://twitter.com/hectorsantos
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
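
Added example, not part of the original message or of either poster's software: a sketch of the domain-level check discussed above, using the RFC 6541 SHA-1 query name (base32 of the SHA-1 of the lowercased signer domain, under `_atps.<author domain>`). The `atps=y` tag is taken from the DMARC record quoted in the thread; the zone contents, the `lists.example.org` signer and all function names are constructed assumptions.

```python
import base64
import hashlib

def parse_tags(txt):
    """Parse a 'tag=value; tag=value' list as used by DKIM, DMARC and ATPS records."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags

def atps_query_name(signer_domain, author_domain):
    """Name of the TXT record in which the author domain authorizes a signer."""
    digest = hashlib.sha1(signer_domain.lower().encode("ascii")).digest()
    # 20-byte digest encodes to exactly 32 base32 characters, no padding
    label = base64.b32encode(digest).decode("ascii").lower()
    return f"{label}._atps.{author_domain.lower()}"

def third_party_authorized(author_domain, signer_domain, txt_lookup):
    """True if author_domain opts in (atps=y) and lists signer_domain.

    txt_lookup(name) returns the TXT string or None; it stands in for a
    real DNS query so the example runs offline.
    """
    dmarc = parse_tags(txt_lookup(f"_dmarc.{author_domain}") or "")
    if dmarc.get("v") != "DMARC1" or dmarc.get("atps") != "y":
        return False          # author domain does not advertise ATPS
    record = txt_lookup(atps_query_name(signer_domain, author_domain))
    if record is None:
        return False          # no authorization published for this signer
    atps = parse_tags(record)
    if atps.get("v") != "ATPS1":
        return False
    # If d= is present it must name the signer (simplification in this example)
    return atps.get("d", signer_domain).lower() == signer_domain.lower()

# Constructed zone data; the rua/ruf addresses are elided in the thread and omitted here.
ZONE = {
    "_dmarc.isdg.net": "v=DMARC1; p=reject; atps=y;",
    atps_query_name("bayviewphysicians.com", "isdg.net"):
        "v=ATPS1; d=bayviewphysicians.com",
}

if __name__ == "__main__":
    for signer in ("bayviewphysicians.com", "lists.example.org"):
        print(signer, third_party_authorized("isdg.net", signer, ZONE.get))
```

The second signer illustrates the mismatch raised in the thread: a list that an individual user joined has no record under the author domain, so a DKIM+DMARC+ATPS-aware MLM would know it cannot resign for that domain.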