ESPs do this all the time. Do you really presume to tell the other
guy how to run their show?
One possible scenario I can think of where this might have some benefit
is if the customer fucks up their DNS and the signature doesn't verify
at the receiving end. If the ESP signed the message with their own
domain and did NOT fuck up their DNS at exactly the same time, the
message will still have at least a valid signature, if not an aligning one.
This comes across aggressively. Why are you mad? No one is telling anyone what
to do. The OP asked for ideas, suggestions, and things that other people do. I
offered him another way that works.
I also disagree with your premise that adding an extra signature does anything
helpful. Email should only have one from header and alignment will only match
up to the one domain in that from header. All additional signatures will be
ignored in DMARC validation.
Adding an extra ESP signature for backup just in case someone messes up the
alignment domain will not do anything for DMARC. That logic would imply a
scammer could include their scammer domain signature on a forged from address
to bypass the entire purpose of DMARC. Which you can't. And it's irresponsible
giving people a false sense of security implying they are covering themselves
by including a pointless signature.
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
