On 8/21/2015 3:48 PM, John Levine wrote: >> ReSenders haven't introduced any interoperability issues. DMARC has. How >> about: > > Indeed. I agree with the advice to refrain from blaming the victim.
On the average, a failure of a new mechanism to fully interoperate should never be cast as the responsibility of an entity that has been functioning legitimately since long before the new mechanism was defined. And to nitpick, I believe the relevant architectural classification for the entity of concern here is "Mediator". "Resender" is a subset and does not cover, for example, Mailings lists or Gateways. See RFC 5598. >> o MTAs sending email on behalf of multiple domains may require >> Domain Owners to provide DKIM keys to use DKIM to avoid SPF >> alignment issues. Managing DKIM keys with a third party has >> security risks which should be carefully managed. >> >> This can generally be done through CNAMES or subdomain delegation. I've yet >> to see anyone handle this situation by actually exchanging private keys >> across >> an administrative boundary. > > A manager at a well known ESP told me that one of the free mail > suspects gave them a DKIM signing key. (I forget whether it was A or > Y.) Is SPF "alignment" a valid term here? (The term does not appear in the SPF spec.) I thought 'alignment' was first defined in this space for DMARC and that it does not have formal meaning for SPF or DKIM. I assume what is meant is simply SPF validation. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
