On 19/12/2012 22:45, Joseph Humphreys wrote:
Hi, Roland.
Thanks for the suggestion. We are considering something like this, but there
are two reasons why it's not ideal for us.
First, we occasionally have to change which set of MTAs a particular customer's
mail goes to. So adding another set of MX records managed by the customer is a
bit of a problem. It's manageable, but not great.
Easy to fix:
esp.customer.example MX 0 customer.esp.example
Now it's back in your control, just adjust the A record(s) for
customer.esp.example as required when you would previously have adjusted
the domain name in your MAIL FROM. Your customer is not involved except
in creating the MX record in the first place.
We would also have to configure our MTAs to accept mail for this subdomain of
the customer's organizational domain. For various reasons I'd prefer not to do
that.
Depending upon what your concerns actually are, this is only slightly
harder to fix: use SRS (or some equivalent VERP/BATV scheme) to generate
and sign your return paths. You then don't care what domain a bounce is
addressed to, either:
* its SRS/BATV signature validates, in which case you accept and
process the bounce regardless of the domain, or
* it doesn't, in which you discard it.
MAIL FROM: [email protected]
Granted, this requires more invasive changes than straightforward DNS
changes.
- Roland
--
Roland Turner | Director, Labs
TrustSphere Pte Ltd | 3 Phillip Street #13-03, Singapore 048693
Mobile: +65 96700022 | Skype: roland.turner
[email protected] | http://www.trustsphere.com/
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
