On Wed 01/Jun/2022 12:42:03 +0200 Douglas Foster wrote:
Yes. But David said that Verisign forwards to your designated server,
rather than operating a mail store.
So [email protected] may forward to Hotmail while [email protected] may forward
to gmail., and [email protected] may forward somewhere else.
I don't think so. I did ask, but David started off by "someone forwards
[email protected] for me; I presume Verisign does." That implies he didn't
choose Fastmail.
Sending on behalf of [email protected] requires a hosting service that allows
you to send using a From domsin that does not match the Mail From domain.
As Todd pinpointed, publishing the public key in the right domain is enough.
David would be happy with just an SPF record. Why doesn't Verisign do both?
Then any authentication for one account becomes an authorization to
impersonate the other accounts, but a complete list of all possible sources
would cause PERMERROR for SPF even if it could be built.
Not if Verisign took care to outsource outgoing mail to a unique forwarder.
Verisign wants to be the S/MiME solution for any mailbox provider account,
not the competition for them.
They are short-sighted if they push S/MIME but disregard DMARC.
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
