I sent this message and then realized that Ald has given us a very relevant example of onmicrosoft.com. The lease-holders send mail, the parent domain does not. Our design needs to ensure that client domains are kept separate for alignment purposes. I don't think client domains have the ability to publish any DNS records, so they cannot participate in DMARC.
Most clients use @domain.onmicrosoft.com as a temporary bridge toward moving their domain onto Office365, so they are not likely to worry about protecting the domain name from abuse. That makes these domains into prime candidates for impersonation attacks.

DF

On Tue, Feb 1, 2022 at 6:46 AM Douglas Foster < [email protected]> wrote:

> What do we know about lease-granting domains?
>
> Do the lease-holders use their domains to send mail?
> Is the parent domain used to send mail?
> Do we have any examples that participate in DMARC now?
>
> The only example I have encountered is an ISP, where clients are given a
> primary account of [email protected] and a website of username.isp.net.
> The leased domain name of username.isp.net would be important for
> cross-site-scripting, but would not be relevant for us because the lease
> cannot be used for email.
>
> Doug Foster
>
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
