On Wed, Apr 19, 2023, at 12:35 PM, Alessandro Vesely wrote:
> On Wed 19/Apr/2023 15:37:25 +0200 Laura Atkins wrote:
> > To me it’s not so much the company can’t delegate authentication - it’s how
> > many SaaS providers (some of which are ESPs and some of which are 3rd
> > parties
> > that send through ESPs) are incapable of supporting DMARC alignment. Not
> > it’s
> > hard, not it’s challenging, but simply … can’t. They cannot sign with
> > foreign
> > DKIM domains, and they cannot support different domains for SPF
> > authentication.
> >
> > Should DMARCbis make the recommendation that if you are providing mail
> > services
> > that you SHOULD be able to support corporate customers using DMARC?
>
>
> IMHO at least an appendix should say that if you can't do anything better you
> have to rewrite From: with examples of legitimate display-phrase, expanding a
> bit the first bullet in Section 11.4. That can also be a good place to
> explain
> the kind of damage DMARC causes.
That's what I'm getting at. I don't really see any difference between a mailing
list and someone providing mail services (I won't use the word ESP since that
seems to be a loaded term) for corporate customers (I would also add government
customers, who are adhering to BOD 18-01 in droves and they are also adopting
said companies providing mail services)
The choice for both the mailing list and mail-service company is to:
1) ignore DMARC and continue to emit mail as the original author intended (the
author might be ignorant of DMARC too) and assume the mailbox providers are
smart enough to understand that, like mailing lists, mail-service companies and
their mail emitting authors shouldn't be caught up by a DMARC misdeployment by
the domain owner
2) be cognisant of DMARC's effects, and in the interest of keeping the author's
mail flowing, use a different domain and put the author's address in the
friendly from or similar, or just refuse to accept the messages, until
delegation can be set up.
I can say, anecdotally, that people really really want #1 to be true, but they
eventually learn #2 leads to a better long term outcome. I'd like that
"learning" to be less painful by having something unambiguous to point at in
DMARCbis.
Jesse
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
