On Mon, Jan 31, 2022 at 3:51 PM Alessandro Vesely <ves...@tana.it> wrote:
> (This message is not going to be accepted by the IETF today, so I CC John
> too)

Why wouldn't your email be accepted?

> On Sun 30/Jan/2022 05:25:30 +0100 Dave Crocker wrote:
> >>> 3. The role of the function that uses the PSD and the role of the
> >>> function that does a tree walk are identical. Since you apparently feel
> >>> otherwise, please explain.
> >>
> >> A PSD is potentially useful for DMARC policy determination if no policy exists
> >> for the exact domain or the organizational domain. It is not useful for
> >> evaluating relaxed alignment. Only the organizational domain can be used for
> >> that. So I do not think you are correct.
> >
> > The RFC 9091 does not contain the word 'relaxed', so I'm curious about the
> > basis for your assertion of the limitation.
>
> Let me ask if the following scenario is possible at all:
>
> .BANK admins decide to set up a DKIM signing service for .bank domains. They
> register dkim.bank, and accept and relay messages originating from their
> customers, signing them with d=dkim.bank. (Compare to onmicrosoft.com?)
>
> They may consider that a tangible way to protect .bank domains.
>
> Will that work to validate, say, mail From: acco...@havenbank.bank?

Let's be realistic, any organization providing a DKIM signing service (but
why would banks divert their mail flows to go through such a service?) can
easily sign in an aligned manner for any unique domain. I did this for
multiple domains (about 6,000) with different mail systems at various times
(Ironport, Message Systems, etc). If such a service or system couldn't sign
for unique domains on the fly, it shouldn't be used.

The reality is that people are trying to jump through all kinds of hoops in
support of a bad idea.

Michael Hammer
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc