On Tue, Aug 18, 2020 at 6:49 AM Douglas E. Foster <fosterd= 40bayviewphysicians....@dmarc.ietf.org> wrote:
> You cannot make sense of it, John. I understand the difference between > submssion and SMTP. > > The asserted increase in complexity is not from adding a single signature, > it is the requirement to apply a different signature to every message > depending on the generated From domain. > > - Are applications like the one the Alessandro mentioned readily > available and easily implemented, so that conditional signatures are no > hindrance to DMARC compliance? > - If so, is third-party cooperation easily achieved and no obstacle to > DMARC implementation? > > These are questions for the consultants who have done a lot of this work. > > DF > Not as a 3rd party, but we were doing ad-hoc signing for a large number of domains (hundreds) at our outbound border MTAs at scale -10s of millions of messages an hour, with the ability to scale much much larger for holiday peaks. This was done with both Ironport and MessgeSystems implementations. It's literally a very little bit of logic and code. As long as you have the private keys it's as simple as choosing the path to the correct signing key based on having the From domain. This was at various points done in Python and Lua. Michael Hammer
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
