I'm setting up a new ESP, and taking a fresh look at how to send on behalf
of customers with their domain, authenticating with all the things: SPF,
DKIM, DMARC. My target customers are not necessarily very technical, and I was
curious about how to simplify this experience.

I know that DNAME records exist, but I've always been curious why I haven't
seen them in the wild at ESPs (yet). They seem like an interesting, perhaps
ideal mechanism for my use case.

As a reminder:
"A DNAME-record is used to map / rename an entire sub-tree of the DNS name
space to another domain. It differs from the CNAME-record which maps only a
single node of the name space."

RFC 6672 shows that DNAME has the status of "PROPOSED STANDARD":
https://tools.ietf.org/html/rfc6672

Implementation:
If a customer is comfortable sending as "From: u...@subdomain.example.com",
they would be instructed to delegate "subdomain.example.com" to our ESP
with DNAME, and then our systems can set up SPF, DKIM, DMARC without any
further customer input.

Question(s) for this group:
1. Can I expect DNAME to even be supported by receiving email servers,
given that the RFC is a "proposed standard"?
2. Are there limitations I'm not aware of otherwise?
3. Or some battle scars from using DNAME, that this group might be willing
to share?
4. I'm still not clear on the DMARC lookup rules for subdomains. In the
absence of DMARC records on the subdomain, the DMARC record on the organizational
domain becomes the policy. It sounds like in the case of DNAME, one would
have to set up explicit DMARC records on several subdomains too, since I
still would not control the organizational domain?

-- 

Brian Toresdahl
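
As an added example (not part of the original post), this sketch applies the RFC 6672 DNAME substitution rule to the names a receiver queries for SPF, DKIM and DMARC on subdomain.example.com. The DNAME target cust1.esp.example.net and the DKIM selector s1 are hypothetical.

```python
# Added example: RFC 6672 DNAME substitution for email-auth lookups.
# All names are constructed; cust1.esp.example.net and selector "s1"
# are hypothetical.

MAX_NAME_OCTETS = 255  # wire-format limit on a domain name


def labels(name):
    """Split a domain name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def dname_substitute(qname, owner, target):
    """Return the name synthesized for qname by a DNAME at owner -> target.

    Returns None when the DNAME does not apply: RFC 6672 redirects only
    names below the owner, never the owner name itself.
    """
    q, o = labels(qname), labels(owner)
    if len(q) <= len(o) or q[-len(o):] != o:
        return None
    new_labels = q[:-len(o)] + labels(target)
    # Wire length: one length octet per label plus the root label.
    if sum(len(l) + 1 for l in new_labels) + 1 > MAX_NAME_OCTETS:
        raise ValueError("substituted name too long (resolver answers YXDOMAIN)")
    return ".".join(new_labels)


def auth_lookups(domain, selector, owner, target):
    """Map each mechanism to (queried name, DNAME-redirected name or None)."""
    queries = {
        "SPF": domain,                              # TXT at the checked domain itself
        "DKIM": f"{selector}._domainkey.{domain}",  # TXT below the domain
        "DMARC": f"_dmarc.{domain}",                # TXT below the domain
    }
    return {m: (q, dname_substitute(q, owner, target)) for m, q in queries.items()}


if __name__ == "__main__":
    result = auth_lookups("subdomain.example.com", "s1",
                          "subdomain.example.com", "cust1.esp.example.net")
    for mech, (asked, redirected) in result.items():
        print(f"{mech:5} {asked} -> {redirected or 'not redirected by DNAME'}")
```

The SPF entry comes back unredirected because a DNAME does not cover its own owner name, so a TXT (or MX) record at subdomain.example.com itself still has to be published in the customer's zone.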