On Sat, Apr 1, 2023 at 3:13 PM Jesse Thompson <[email protected]> wrote:

> I just read https://datatracker.ietf.org/doc/rfc6541/ (or, re-read, I
> can't remember)
>
> I'm struggling to understand how ATPS is significantly better than
> delegation via DKIM CNAME records. I can see that it's simpler for a domain
> owner because they need only set 1 ATPS record vs. sometimes 3 CNAME
> records (for key rotation). But that's not enough to justify adoption.
>

ATPS is Experimental.  I don't think it's a serious candidate for solving
the DMARC problem.  There's also a "conditional signatures" draft floating
around someplace.

To answer your question, ATPS was among other things a substitute for
delegation via CNAME when the author domain doesn't want to give some other
party the ability to generate its own signatures as the author domain.
There was never, at the time it was written, a demand for doing this at a
user level.  Also, DKIM has never been tied to specific individual email
addresses because there's no reliable way for an external entity to verify
that the email address is even real, much less meaningful within the
domain.  This was ultimately why use of "i=" in the DKIM signature never
really took off.

-MSK, participating
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
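
The lookup a verifier makes under ATPS, contrasted with CNAME delegation, as an added example that is not part of the thread: it follows the editor's reading of RFC 6541, handles only the `sha1` and `none` values of `atpsh`, and uses constructed domains (`author.example`, `esp.example`) and hypothetical function names. With CNAME delegation the third party signs with `d=` set to the author domain, so there is nothing to look up; with ATPS it signs as itself and the author domain publishes one record naming it.

```python
import base64
import hashlib


def atps_query_name(signer_domain, author_domain, atpsh="sha1"):
    """DNS name asking: has author_domain authorized signer_domain to sign for it?"""
    signer = signer_domain.lower().rstrip(".")
    if atpsh == "none":
        label = signer                      # signer domain used as-is
    elif atpsh == "sha1":
        digest = hashlib.sha1(signer.encode("ascii")).digest()
        label = base64.b32encode(digest).decode("ascii").lower()  # 32 chars, no padding
    else:
        raise ValueError("example handles only atpsh=sha1 and atpsh=none")
    return f"{label}._atps.{author_domain.lower().rstrip('.')}"


def atps_authorized(sig, from_domain, txt_lookup):
    """sig holds the tags of a DKIM signature that has ALREADY verified cryptographically."""
    signer = sig["d"].lower()
    author = sig.get("atps", "").lower()
    # The delegation claim only matters when it is about the From: domain and
    # the signer is a different domain (otherwise it is a first-party signature).
    if not author or "atpsh" not in sig or author != from_domain.lower() or author == signer:
        return False
    name = atps_query_name(signer, author, sig["atpsh"])
    for txt in txt_lookup(name):
        tags = dict(t.strip().split("=", 1) for t in txt.split(";") if "=" in t)
        if tags.get("v") == "ATPS1":
            return True
    return False


# Constructed zone data: author.example authorizes esp.example and nobody else.
ZONE = {atps_query_name("esp.example", "author.example"): ["v=ATPS1"]}


def lookup(name):
    """Stand-in for a DNS TXT query (constructed, offline)."""
    return ZONE.get(name.lower(), [])


if __name__ == "__main__":
    sig = {"d": "esp.example", "atps": "author.example", "atpsh": "sha1"}
    print(atps_query_name("esp.example", "author.example"))
    print("authorized:", atps_authorized(sig, "author.example", lookup))
```

The signature stays attributed to `esp.example` throughout, which is the property the reply describes: the author domain never hands over a key that signs as the author domain.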
