Hello all,
I have a question regarding third-party email encryption services and DMARC.
For example, when using Cisco CRES the emails contain the From domain of the
sender and the Return-Path is that of the sender so if they authorize Cisco
CRES then emails will pass SPF and align with regards to DMARC. Emails contain
no DKIM signature.
The recipient then replies and again emails go through the CRES servers, the
From domain is that of the company that replies, the Return-Path is also that
of the company that replies, however, they will also have to authorize Cisco
CRES in their SPF in order for DMARC to pass. Again no DKIM.
The problem is that there are many other email encryption services out there
and if the sender is using any of them then their recipients must also
authorize them in their SPF records. This means that if any the sender or
recipient is in DMARC reject when replying to such emails their emails will be
rejected.
Has anyone come across this problem before and what have you done to solved it?
Is using subdomains (in DMARC none policy) for this email communication the
only way to go for now?
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
