If your customer trusts you enough to allow you to sign their
organisational domain (i.e. they've published a public key with a
selector that you proposed, or given you the private key of an existing
pair) then, presumably, they'll trust you enough to publish SPF, MX and
- assuming that you want the feedback - DMARC records for an
ESP-specific sub-domain:
esp.customer.example TXT "include:_spf.esp.example"
esp.customer.example MX 0 bounces.esp.example
_dmarc.esp.customer.example TXT "v=DMARC1; p=none;
rua=mailto:[email protected]";
MAIL FROM: [email protected]
DKIM-Signature: v=1; ...; d=customer.example
From: [email protected]
This can pass both SPF and DKIM, send the bounces for this stream back
to you, maintain DMARC alignment for SPF (which may improve
authentication coverage) and send DMARC feedback to you for your sub-domain.
- Roland
On 12/12/2012 02:45 AM, Joseph Humphreys wrote:
Hi, all.
I'm taking a first look at DMARC, and I have a few questions. My
interest is as a third party sending mail on behalf of another
organization, and I want to handle bounces for that mail. So if the
mail I'm sending looks like this:
MAIL FROM: <[email protected]>
DKIM-Signature: v=1; ...; d=example.com; ...
From: [email protected]
Date: Fri, Feb 15 2002 16:54:30 -0800
To: [email protected]
Subject: here's a sample
Clearly, the SPF identifier is not in alignment. However, am I correct
in understanding that this would still pass the DMARC check, as long
as the DKIM signature (which is in alignment) validates?
Assuming that's correct, would this be considered an acceptable
practice? I've looked at the FAQ question on third-party senders, and
I think what I'm describing corresponds to the suggestion A.2 there.
Has anyone suggested allowing the DMARC record to specify acceptable
third-party domains for the RFC5321.MailFrom? In other words, the
record for example.com could specify that a MailFrom of 3dparty.com
should be considered in alignment for the purpose of SPF checks?
Regards,
Joe Humphreys
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note
Well terms (http://www.dmarc.org/note_well.html)
--
Roland Turner | Director, Labs
TrustSphere Pte Ltd | 3 Phillip Street #13-03, Singapore 048693
Mobile: +65 96700022 | Skype: roland.turner
[email protected] | http://www.trustsphere.com/
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
