If I followed Neil’s discussion of MajorCRM:
The current DMARC architecture supports authorizing a vendor to mail on behalf of their clients if the client includes them in their SPF policy or delegates a DKIM scope to them and they use it. I agree that SPF is too limiting (including hard limits on complexity), and DKIM is too complex for an uncooperative vendor.

In most cases, a solution would be a controlled third-party signature authorization along the lines of RFC 6541. The client would configure the authorization in his own DNS and the vendor would only need to sign with their own DKIM signature. This is not an unreasonable ask for most vendors, but this particular one seems inexcusable.

Unfortunately, the past attempts with third-party signatures have died for lack of interest. The clients of this vendor might be motivated to participate, but it would also require participation from the domains that receive messages from this vendor on behalf of the client. Dave Crocker’s proposal has the same obstacles because it is a form of third-party signature authorization.

We would need to find a highly respected mailer who thinks they could stir up interest from their clients. But major mailers will not depend on a new system until they are sure that it is fully deployed. So the chicken-and-egg problem may doom every effort.

DF
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc