Re: [dmarc-discuss] Email encryption services and DMARC

Wed, 11 Jul 2018 07:27:33 -0700 

Ivan,
Can you show sample/likely envelopes/headers that would cause the problem? It's not clear from your description why there's a problem. Are you saying that Cisco is running a service that impersonates author (5322.From) domains of *_non_*-customers? 

- Roland

------------------------------------------------------------------------

On 11/07/18 19:22, Ivan Kovachev via dmarc-discuss wrote:

Hello all,


I have a question regarding third-party email encryption services and 
DMARC.



For example, when using Cisco CRES the emails contain the From domain 
of the sender and the Return-Path is that of the sender so if they 
authorize Cisco CRES then emails will pass SPF and align with regards 
to DMARC. Emails contain no DKIM signature.



The recipient then replies and again emails go through the CRES 
servers, the From domain is that of the company that replies, the 
Return-Path is also that of the company that replies, however, they 
will also have to authorize Cisco CRES in their SPF in order for DMARC 
to pass. Again no DKIM.



The problem is that there are many other email encryption services out 
there and if the sender is using any of them then their recipients 
must also authorize them in their SPF records. This means that if any 
the sender or recipient is in DMARC reject when replying to such 
emails their emails will be rejected.



Has anyone come across this problem before and what have you done to 
solved it? Is using subdomains (in DMARC none policy) for this email 
communication the only way to go for now?



_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)



--
I felt a great disturbance in the Internet, as if millions of marketers
suddenly cried out in terror and were suddenly silenced. I fear something
terrible has happened. -- Obi-Spam Kenobi, May 26, 2018


_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)





















					Reply via email to