On Fri, Mar 21, 2025 at 11:05 AM Mark Alley <mark.alley= 40tekmarc....@dmarc.ietf.org> wrote:
> If Joe Schmoe, an email administrator, signs corporate mail with DKIM2 but
> has other mail streams that may not support it, or legacy systems
> incapable of using it, would not DMARC still be needed to apply/report
> to/for these other mailstreams in that scenario, or to protect from
> external entities trying to spoof the domain?
>
> I've perused the draft, and unless I'm missing text somewhere, I don't see
> where DKIM2 would fulfill the policy request for unauthenticated emails,
> unless you're saying that DKIM2 usage (or lack thereof) would be akin to
> ADSP-esque behavior in some way?
>

I think you're describing a world where a Domain Owner authorizes some mail streams using DKIM2 and some mail streams using SPF/DKIM as is done today. Obviously DMARC has a place in the authentication of those latter streams, layered on top of SPF/DKIM as it is now, but that's not the world I'm thinking of here.

I'm thinking instead of a world where "DKIM2" exists and is effectively the only authentication protocol and its specification says "Receivers SHOULD reject messages that fail DKIM2 validation". What role could DMARC play in *that* world?

--
Todd Herr
Some Guy in VA LLC
t...@someguyinva.com
703-220-4153
Book Time With Me: https://calendar.app.google/tGDuDzbThBdTp3Wx8
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org