Calconnect’s TC-CALSPAM group is currently looking at this issue and yes, the reason is because of real world corporations that use multiple brands with different domains. Typically employees got a single email address on one of their domains but often work with people who have email addresses in different domains.

Oh, OK.

It sounds like they're asking DMARC to do things it doesn't do. If you
can't ensure that everything sent with your domain on the From line is
signed with your signature, you shouldn't publish a DMARC policy.

While I am not opposed to a future tweak to DMARC to add some way to say
that A can sign for B, even if we did it, it would be a long time if ever
that DMARC verifiers implement it.  RFC 6541 added a third-party signature
option to DKIM in 2012, and after nine years, nobody implements it.

This is not the same problem as we have with mailing lists. If your
user's Sender and From domains belong to the same owner, it should be
a SMOP to add a signature in the From domain. I'm not saying it's
trivial, but this is how DMARC works. The rest of the world will not
change the way it works to adapt to your situation rather than you
fixing your setup to work with DMARC as it exists.

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
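
The DKIM alignment rule the reply above relies on, as an added example that is not part of the original message. The brand domains, the helper names and the tiny public-suffix set are assumptions for illustration; real verifiers use the Public Suffix List, and DMARC can also pass on aligned SPF, which is not modelled here.

```python
# Added illustration: DMARC identifier alignment for DKIM (RFC 7489, section 3.1.1).
# All domains below are constructed. PUBLIC_SUFFIXES is a stand-in for the
# Public Suffix List that a real verifier would consult.
PUBLIC_SUFFIXES = {"example", "com", "co.uk"}


def org_domain(domain):
    """Return the organizational domain: longest public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # fallback when no suffix is known


def dkim_aligned(from_domain, d_domain, strict=False):
    """Strict mode needs an exact match; relaxed compares organizational domains."""
    f, d = from_domain.lower(), d_domain.lower()
    if strict:
        return f == d
    return org_domain(f) == org_domain(d)


def dmarc_dkim_result(from_domain, valid_signatures, adkim="r"):
    """valid_signatures: d= domains of DKIM signatures that already verified.

    Returns ("pass", [aligned d= domains]) or ("fail", []).
    """
    strict = adkim == "s"
    aligned = [d for d in valid_signatures if dkim_aligned(from_domain, d, strict)]
    return ("pass", aligned) if aligned else ("fail", [])


if __name__ == "__main__":
    # Employee's mailbox is on brand-a.example, but the From line uses brand-b.example.
    print(dmarc_dkim_result("brand-b.example", ["brand-a.example"]))
    # Same message with a second signature added in the From domain.
    print(dmarc_dkim_result("brand-b.example", ["brand-a.example", "brand-b.example"]))
    # A subdomain in From aligns with the parent's signature only in relaxed mode.
    print(dmarc_dkim_result("news.brand-b.example", ["brand-b.example"], adkim="s"))
```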