On 3/25/2021 2:23 PM, John R Levine wrote:
While I am not opposed to a future tweak to DMARC to add some way to say that A can sign for B, even if we did it, it would be a long time if ever that DMARC verifiers implement it. RFC 6541 added a third-party signature option to DKIM in 2012, and after nine years, nobody implements it.


Wildcat! SMTP implements RFC6541 "Authorized Third Party Signature" (ATPS). I'm sure I am not the only one and/or others have the options to enable it.

There are wizards for ADSP+ATPS and DMARC+ATPS:

https://secure.winserver.com/public/wcADSP
https://secure.winserver.com/public/wcDMARC

It works in proving the assertion by a 1st party Author Domain authorization for the existence of a specific 3rd party signer domain signature. Results are stamped in "Authorization-Results" header.

Add "atps=1" to your DMARC record and create an ATPS record to authorize 3rd party signature domains.

These domains are authorized to re-sign mail for the domain isdg.net:

jchjykxmwknbyfge2bg4td6add264olh._atps TXT ( "v=atps01; d=winserver.com;" )
kjshf2duqstols65zbhuytbbyr3zdecf._atps TXT   ( "v=atps01; d=gmail.com;" )
lykm653kj7yxeia665va7lszzthcx7jj._atps TXT ( "v=atps01; d=beta.winserver.com;" )
pq6xadozsi47rluiq5yohg2hy3mvjyoo._atps TXT   ( "v=atps01; d=ietf.org;" )
tudfisabn5dz3vjm2kxcehc5attdbqh6._atps TXT ( "v=atps01; d=santronics.com;" )

It can be managed like any other system.

This allows receivers to support a MAILING LIST that has re-signed mail - the key problem we had since ADSP and now since DMARC because DMARC never bothered to even address the main concern with ADSP - the lack of a method to authorize a 3rd party.

ATPS offers it.

As to why the IETF.ORG mailing list does not support it or explore it and has chosen instead to rewrite, I don't know, but it's so simple --- a DNS Lookup without any 5322.From tampering.

--
Hector Santos,
https://secure.santronics.com
https://twitter.com/hectorsantos



_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
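
Added example, not part of the original message and not Wildcat! code: a sketch of the receiver-side ATPS lookup the message describes, run after a third-party DKIM signature has already verified. It assumes the RFC 6541 label is the lowercase base32 of a hash of the lowercased signer domain, accepts the "v=atps01" version string seen in the records above, and uses hypothetical function names with a constructed in-memory zone in place of real DNS.

```python
import base64
import hashlib

def atps_label(signer_domain, algo="sha1"):
    """Left-most label of the ATPS query name for a third-party signer."""
    name = signer_domain.strip().rstrip(".").lower()
    if algo == "none":          # no hashing: the signer domain is used as-is
        return name
    if algo not in ("sha1", "sha256"):
        raise ValueError("unsupported hash: " + algo)
    digest = hashlib.new(algo, name.encode("ascii")).digest()
    return base64.b32encode(digest).decode("ascii").rstrip("=").lower()

def atps_query_name(author_domain, signer_domain, algo="sha1"):
    """Full TXT query name: <label>._atps.<author domain>."""
    label = atps_label(signer_domain, algo)
    return "%s._atps.%s" % (label, author_domain.strip().rstrip(".").lower())

def parse_tags(txt):
    """Split a 'v=...; d=...;' record into a lowercase tag dictionary."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def atps_check(author_domain, signer_domain, lookup_txt, algo="sha1"):
    """'pass' if the author domain authorizes the signer, 'fail' if not,
    'none' when the signer is the author domain itself (first party)."""
    author, signer = author_domain.lower(), signer_domain.lower()
    if author == signer:
        return "none"
    for txt in lookup_txt(atps_query_name(author, signer, algo)):
        tags = parse_tags(txt)
        if tags.get("v") not in ("atps01", "atps1"):
            continue            # not an ATPS record
        if tags.get("d", signer) == signer:   # d= must match when present
            return "pass"
    return "fail"

# Constructed zone for isdg.net; the labels are computed here, not copied
# from the records in the message.
ZONE = {atps_query_name("isdg.net", d): ["v=atps01; d=%s;" % d]
        for d in ("ietf.org", "winserver.com")}

def lookup_txt(name):
    """Stand-in for a DNS TXT query against the constructed zone."""
    return ZONE.get(name, [])
```

A receiver would map "pass" to an aligned result for the From domain and treat "fail" as if the third-party signature carried no authorization.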