On Thu, Aug 13, 2020 at 2:33 PM Doug Foster <fosterd= 40bayviewphysicians....@dmarc.ietf.org> wrote:
> The current DMARC architecture supports authorizing a vendor to mail on > behalf of their clients if the client includes them in their SPF policy or > delegates a DKIM scope to them and they use it. > > > > I agree that SPF is too limiting (including hard limits on complexity), > and DKIM is too complex for an uncooperative vendor. > > > > In most cases, a solution would be a controlled third-party signature > authorization along the lines of RFC 6541. > > The client would configure the authorization in his own DNS and the and > the vendor would only need to sign with their own DKIM signature. > If "DKIM is too complex for [this] uncooperative vendor", why would having the "vendor...sign with...DKIM" be workable? --Kurt
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc