On 1/30/2022 4:34 AM, Alessandro Vesely wrote:
ANK admins decide to setup a DKIM signing service for .bank domains.
They register dkim.bank, and accept and relay messages originating
from their customers, signing them with d=dkim.bank. (Compare to
onmicrosoft.com?)
They may consider that a tangible way to protect .bank domains.
Will that work to validate, say, mail From: [email protected]?
Consider .bank.com, setting up dkim.bank.com, signing with dkim.bank.com.
Will that work to validate, say, mail from [email protected]?
Please explain why these two different cases should be treated differently.
In other words, the issue is with problematic operational policies,
rather than with needing to place special technical restrictions on TLDs.
d/
--
Dave Crocker
[email protected]
408.329.0791
Volunteer, Silicon Valley Chapter
Information & Planning Coordinator
American Red Cross
[email protected]
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
