Re: [mailop] DKIM signed with parent domain

Fri, 26 Jan 2024 18:21:59 -0800 

On 1/26/24 16:06, Gellner, Oliver via mailop wrote:
Independent of this I wouldn’t use [email protected] as a sender address to external recipients. This doesn’t look professional, 


I'll agree that sending from root@<HostFQDN> is not best practice.  But 
I don't know if it's unprofessional per se.



makes replying to those emails impossible


I question the veracity of that.


Including a Reply-To: and / or an MX for <HostFQDN> to a reachable mail 
server that is a smart host that knows how to deliver email to a host 
that's not directly reachable seems viable to me.



and in case hostname.example.org doesn’t have a public IP address 
it might also increase the risk that those messages are treated as 
spam or rejected, because they are coming from an unresolvable domain.



I question the veracity of anything that balks at a valid MX via smart 
host for a <HostFQDN> that is in and of itself unreachble.



After all, what is the effective difference in a host that's in a 
private network using a smart host for outbound and inbound mail and a 
host usually fully reachable / on the Internet that happens to be 
offline do to an extended power outage caused by a winter storm?



I think that there /should/ be /a/ system that is willing to handle mail 
for the system, but I don't agree that it needs to be /the/ /system/ 
/itself/.



Many MTAs provide ways to rewrite sender addresses, ....


Agreed.

What I don't agree with is the actual need -> requirement to do so.


Sure, masquerading sending addresses is a useful tool in the toolbox. 
But it's not the only tool in the toolbox.



This will resolve all questions about subdomains once and for all and 
doesn’t even require any changes to the applications which create 
the messages.



I question the veracity of that for multiple reasons.  Doing this on 
each source system will likely be a lossy operation and could have 
serious negative impact on systems inside the organization that would 
otherwise utilize the masqueraded source address.  --  Obviously I think 
that there are ways to make this email work even if the internal system 
isn't reachable from the Internet.  I have other similar / more obtuse 
qualms with the idea that masquerading will resolve all questions about 
subdomains period, much less once and for all.




--
Grant. . . .



Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature


_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop























					Reply via email to