On Fri, Apr 18, 2014 at 2:00 PM, Franck Martin <[email protected]> wrote: > >> If you are willing to accept additional DNS lookups, you actually >> could use this to alleviate the mailing list problem, just by adding >> an include syntax for aligned domain lists. That would create a >> mechanism for people to make public, curated MLM whitelists. I >> hesitate to bring that up because I imagine some people won't like the >> idea of more DNS lookups, and I don't want the entire idea to get shot >> down by association. >> > > Not delving in the details, but I may be off base... > > It seems this solution is akin to have to add to your SPF record the whole of > Google cloud or Salesforce cloud, with a "trust us" we don't allow any of our > other members to send email on your behalf on any of our applications...
Yes, it is, unless the sender sets aside a more SPF-restricted domain to use for sending customers' mail. In fact it is very similar to including another organization's SPF record in your own, which does not seem uncommon. That doesn't seem to me like a shocking level of trust. > > https://dmarcian.com/spf-survey/google.com 212,996 authorized individual IPv4 > addresses > https://dmarcian.com/spf-survey/salesforce.com 228,934 authorized individual > IPv4 addresses > > I prefer that 3rd parties relay our mail mail through our servers. That is eminently reasonable, considering that your organization sends email as part of its core business, and is well prepared to take on that responsibility. Obviously, there are a lot of organizations out there who are not in that position. So I think the question is, does adding an "aligned domains list" feature encourage policies that are inherently unsafe? I would argue that authorizing a service provider to send for you on all of their IPs is not substantially different from authorizing them on one IP. Once you've authorized someone to send mail on your behalf at all, you are essentially trusting them to do it safely. Regards, Joe H _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
