On Thu, Aug 13, 2020 at 3:06 PM Neil Anuskiewicz <n...@marmot-tech.com> wrote:
> > > Tunable! You said the magic word I have a client now getting spoofing. > Tightening above p=none is a non starter as about 100% of MajorCRM emails > fail SPF (foo.majorcrm is the RFC5321.from), 62% of MajorCRM mail fails > DKIM, and 100% of MajorCRM Marketing * fails SPF (bar.some-esp.com). Oh, > and some local office has a random MailChimp account not authenticated. > > We can't turn the knob on policy and MajorCRM support says you can't have > your own mail from. Normally, with a client we would get on a screen share > with Bob (the doer of all things) at a company or some other efficient > arrangment to be able to make changes in applications, update DNS, test, > monitor. > > Here, there's this dept with control of the CRM, another for marketing, > another controls DNS, and a vendor says something isn't possible. > > So what you are saying is that you want an IETF working group to write a standard that papers over poor self control on the part of your organization. > My point is that it sure would be nice to be able to tune so that BigCRM > and BigCRM Marketing * mail would pass DMARC comfortably, and we could then > turn the dial on policy to cut off the spoofers without breaking legit mail. > > Yes, I know that this isn't the mailing list issue but tuning could solve > that problem, too. > > The way you solve the problem described above is to get control of your mail flows. I've worked with various "big CRM" vendors and they will gladly accept a delegated subdomain (they control DNS and therefore SPF and DKIM signing as well as publishing DMARC. There are other approaches as well. Your post illustrates one of the problems with the discussion on this list. People are conflating internal organizational issues with requirements for interoperability. You could always publish 0.0.0.0 -all for your SPF record and solve all your DMARC assertion issues very easily. Michael Hammer
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
