On Thu, Jun 22, 2023 at 9:18 AM Sebastiaan de Vos <sebastiaan= 40inboxsys....@dmarc.ietf.org> wrote:
> In that case, if I understand correctly, Marty is sending his E-mail
> untested and unmonitored. Is that not Marty's problem, really? Where are we
> heading if we try to fix that problem?
>

You seem to be ascribing malice to Marty here where I intended no such thing.

Marty has the right (as conveyed by their employer) to send mail using his employer's domain, and Marty wants to do the right thing and have that email sent with DKIM signatures that use the domain in the d= tag, thereby allowing the domain to claim responsibility for the message.

Marty also has the right to engage a third party to send the mail (again, as conveyed by their employer), mail that Marty and others at Marty's company will create. The third party here is most commonly referred to, in my experience, as an Email Service Provider (ESP), but this is just one use case. The ESP knows how to DKIM sign messages, and can even do so using the domain of Marty's employer, so long as Marty is able to get the public key published in DNS.

It has been my experience that as the size of an organization grows, the ability of Marty to get DNS records published and published correctly becomes more challenging. This is not a problem for the DMARC Working Group to solve, of course; I do think it's a problem for the larger community to solve, and as I posted up-thread, Domain Connect is one attempt to do just that. However, I do think it's a problem that we must be aware of as we consider whether or not to make a DKIM-aligned pass a requirement for a DMARC pass, as opposed to its current state of optional, where it's needed only when an SPF-aligned pass is not present.

When we look at the numbers others have posted on the topic, and we see a perhaps higher than expected percentage of DMARC passes that relied on SPF only (or at least a higher than expected rate of DKIM failures), I'd posit that many of those DKIM failures are due to the challenges that Marty and people like them face with getting the key published.

--
*Todd Herr* | Technical Director, Standards & Ecosystem
*e:* todd.h...@valimail.com
*p:* 703-220-4153
*m:* 703.220.4153