> On 28 Jul 2020, at 16:14, Alessandro Vesely <[email protected]> wrote: > > On Tue 28/Jul/2020 11:07:19 +0200 Laura Atkins wrote: >>> On 28 Jul 2020, at 08:36, Alessandro Vesely <[email protected] wrote: >>> On Tue 28/Jul/2020 08:54:02 +0200 Autumn Tyr-Salvia wrote: > >>>> # The resulting message uses [email protected] in the friendly >>>> From: field, but firstbrand.com in the SMTP MAIL FROM domain, so the >>>> headers are no longer aligned for SPF. >>> # >>> >>> Heck, can't they DKIM sign? >> This really misses Autumn’s point. [...] >> Autumn has presented a very real world scenario that demonstrates the >> overall complexity of mail management operationally. Your solution “sign >> with DKIM” has significant barriers to adoption. For instance, assume that >> there is code installed on the mailserver that will grab the 5322.from >> address and sign with the appropriate DKIM key. How many domains are >> involved? How many different mailservers? How long will this solution take >> to deploy? Banks do not move quickly and, for the obvious reasons, any >> changes to security require multiple reviews and assurances that the >> implications are understood. > > > If the bank delegates a subdomain to each trusted subsidiary, each subsidiary > could manage their keys on their local DNS and email servers. If the bank > can afford "relaxed" DKIM alignment, they can sign with > d=local-branch.bank.example and From: [email protected]. What's the > risk of doing so?
That does not address the problem Autumn brought up at all. laura -- Having an Email Crisis? We can help! 800 823-9674 Laura Atkins Word to the Wise [email protected] (650) 437-0741 Email Delivery Blog: https://wordtothewise.com/blog
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
