Eric Johnansson wrote:
> Maybe the "misunderstanding" speaks to a common conceptual model for
> outsiders?
> what are the implications of generalizing selectors to identifying different
> streams?
The relevant DKIM construct would appear to be the signature domain parameters
(d={something}). This would seem like a more fruitful approach, although you'd
need your customer's co-operation on extracting and forwarding to you the DMARC
feedback rows which use your allocated sub-domain. So:
_dmarc.example.com IN TXT "...adkim=r..." (or no adkim=)
From: Example Inc. <[email protected]>
DKIM-Signature: ...d=sender.example.com...
The relaxed alignment rules only require that the 5322.From domain and the d=
domain belong to the same organisational domain, not that either be a parent of
the other.
More broadly, I appear to have missed the motivation for what you're doing:
DMARC implementations are most frequently aimed at detecting unauthorised[1]
use of domain names and are therefore an organisation-wide concern, rather than
that of an outsourced sender. They have some use as a check on misconfiguration
of sending infrastructure but, again, if an organisation is already using DMARC
to monitor unauthorised use of their domain names then identifying errors of
this type is a straight-forward part of what they're already doing. What are
you trying to use DMARC to achieve?
- Roland
1: No doubt someone will argue about the appropriate adjective here. It doesn't
change the argument about DMARC implementations generally being
organisation-wide concerns.
_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
