On Sun 18/Jun/2023 23:06:59 +0200 Ken Simpson wrote:
The hosting provider has to hook up everything for them and presumably, with enough encouragement, we could eventually get hosting companies to implement DKIM signing for their customers. That is not the case today.


Domain-based authentication was conceived exactly because end users have a hard time trying to understand authentication mechanisms. Hosting providers who cannot do DKIM, on the other hand, are certainly not professional.


Some transactional email providers provide a DKIM signing service with CNAME-based DKIM key hosting.


This trick is used when the signing server is detached from DNS. They create a public key and publish it under their own domain, then ask the user to publish a CNAME pointing to it. The user could have published the public key directly. The need to resort to pointers stems from difficulties in publishing long RSA keys, which required increasing the maximum length of TXT data in some DNS web forms.


Best
Ale
--





_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
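
The two ways of publishing a DKIM key discussed in the message above, as an added example that is not part of the original email: a lookup over a constructed in-memory zone that follows the customer's CNAME to the provider's TXT record and compares the result with a directly published key. The domain names, the selector `s1`, the provider `esp.example` and the key bytes are all assumptions made for illustration.

```python
import base64

# Constructed stand-in for a key: 294 bytes, the size of a DER-encoded
# 2048-bit RSA public key, giving 392 base64 characters.
FAKE_KEY = base64.b64encode(bytes(range(256)) + bytes(38)).decode()
RECORD = "v=DKIM1; k=rsa; p=" + FAKE_KEY

def txt_strings(value, limit=255):
    """Split TXT data into character-strings of at most 255 bytes (RFC 1035)."""
    return [value[i:i + limit] for i in range(0, len(value), limit)]

# Constructed zone: example.org publishes the key itself; example.com
# delegates with a CNAME to the hypothetical provider esp.example.
ZONE = {
    "s1._domainkey.example.org": ("TXT", txt_strings(RECORD)),
    "s1._domainkey.example.com": ("CNAME", "s1.example-com.dkim.esp.example"),
    "s1.example-com.dkim.esp.example": ("TXT", txt_strings(RECORD)),
    "loop._domainkey.example.com": ("CNAME", "loop._domainkey.example.com"),
}

def lookup_dkim_key(selector, domain, zone=ZONE, max_hops=8):
    """Return (tags, cname_chain) for selector._domainkey.domain."""
    name = f"{selector}._domainkey.{domain}"
    chain = []
    for _ in range(max_hops):  # bound the chain so a CNAME loop cannot hang us
        rtype, data = zone.get(name, (None, None))
        if rtype == "CNAME":
            chain.append(data)
            name = data
            continue
        if rtype != "TXT":
            raise LookupError(f"no DKIM key record at {name}")
        # The character-strings are concatenated with nothing in between
        # before the tag list is parsed (RFC 6376, section 3.6.2.2).
        tags = {}
        for part in "".join(data).split(";"):
            if "=" in part:
                key, value = part.split("=", 1)
                tags[key.strip()] = "".join(value.split())
        return tags, chain
    raise LookupError(f"CNAME chain from {selector}._domainkey.{domain} too long")

if __name__ == "__main__":
    for dom in ("example.org", "example.com"):
        tags, chain = lookup_dkim_key("s1", dom)
        print(dom, "via", chain or "direct TXT", "p length", len(tags["p"]))
```

The record is 410 bytes long, so it only fits in DNS as two character-strings; a web form that accepts a single 255-byte string cannot hold it, while the CNAME the customer publishes is short.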
