You cannot make sense of it, John. I understand the difference between submission and SMTP.

The asserted increase in complexity is not from adding a single signature, it is the requirement to apply a different signature to every message depending on the generated From domain. Are applications like the one Alessandro mentioned readily available and easily implemented, so that conditional signatures are no hindrance to DMARC compliance? If so, is third-party cooperation easily achieved and no obstacle to DMARC implementation? These are questions for the consultants who have done a lot of this work.

DF

----------------------------------------
From: "John Levine" <jo...@taugh.com>
Sent: 8/17/20 10:12 PM
To: dmarc@ietf.org
Cc: fost...@bayviewphysicians.com
Subject: Re: [dmarc-ietf] DMARC failure scenarios

In article <0762f9ada48c4c9eaef06e16a49a2...@bayviewphysicians.com> you write:
>Does this scenario correctly characterize how organizations may be unable to
>move past p=none with breaking things?

As far as I can make sense of it, no.

>a) A vendor application detects an event, looks up in a database for sender
>name (client contact) and recipient list.
>
>b) The application connects to a mail server via IMAP, and sends the message
>using something like application@vendordomain
>for the SMTP from and clientcontact@clientdomain as the Message from. The
>client domain becomes especially important if
>the recipients are in a different domain than the client. An example might be
>an HVAC system operated by a vendor, on
>behalf of the building manager, which needs to communicate with the building
>tenants.

...

Again, no. You're confusing submission with SMTP. I have a printer that sends me e-mail when it's out of paper, which it does by sending mail to my submission server, not directly to me. If I were checking DMARC on the messages, they would easily pass since the submission server adds DKIM signatures.

>Then the client wants to implement DMARC
>----------------------------------------------------------
>
>d) The client develops a list of all of its third-party mailers and tells the
>third parties to begin applying the client's
>DKIM signature to their messages. This adds a boatload of complexity to the
>vendor's application, since he needs a
>different applied signature for each client. It requires either major changes
>to the application, a more sophisticated
>mail server, or a special box simply to sit in front of the mail server to
>detect and apply the correct signature. None of
>these seem like generic off-the-shelf solutions. I would not know where to buy
>that capability if I needed it today.

Again, no. I believe that devices that send mail do what they've always done, send it to a submission server for further delivery. The "special box" has been there all along.

R's,
John
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
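
Added example, not part of the thread and not code from any participant: a sketch of the per-From-domain signing decision discussed above and the DMARC alignment outcome it produces for the vendor scenario. The domain names, selectors, key table and sample message are constructed; the organizational-domain function is a simplifying assumption (last two labels) where a real evaluator consults the Public Suffix List.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed table: header-From domain -> (DKIM d= domain, selector).
SIGNING_KEYS = {
    "clientdomain.example": ("clientdomain.example", "vendor1"),
}
# Fallback: sign as the vendor itself (hypothetical selector).
DEFAULT_KEY = ("vendordomain.example", "s1")

# Constructed sample: vendor application sending on behalf of a client.
SAMPLE = """From: Client Contact <clientcontact@clientdomain.example>
To: tenant@tenant.example
Subject: HVAC maintenance notice

Constructed sample message.
"""

def org_domain(domain):
    # Assumption: organizational domain = last two labels (no PSL lookup).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_dom, auth_dom, strict=False):
    # Strict mode needs an exact match; relaxed mode compares org domains.
    if strict:
        return from_dom.lower() == auth_dom.lower()
    return org_domain(from_dom) == org_domain(auth_dom)

def from_domain(raw):
    # Domain of the header From address, the identifier DMARC evaluates.
    msg = message_from_string(raw)
    return parseaddr(msg["From"])[1].rpartition("@")[2].lower()

def choose_key(raw):
    # The "conditional signature": pick d= and selector by header From.
    return SIGNING_KEYS.get(from_domain(raw), DEFAULT_KEY)

def dmarc_result(raw, mail_from_domain, dkim_d, spf_pass=True, dkim_pass=True):
    # DMARC passes when SPF or DKIM passes with an aligned identifier.
    fd = from_domain(raw)
    spf_ok = spf_pass and aligned(fd, mail_from_domain)
    dkim_ok = dkim_pass and aligned(fd, dkim_d)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc_pass": spf_ok or dkim_ok}

if __name__ == "__main__":
    # Vendor envelope sender and vendor-only signature: nothing aligns.
    print(dmarc_result(SAMPLE, "vendordomain.example", DEFAULT_KEY[0]))
    # Same envelope sender, signature chosen by header From: DKIM aligns.
    print(dmarc_result(SAMPLE, "vendordomain.example", choose_key(SAMPLE)[0]))
```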