Domain-Connect / Templates

Templates for use in the Domain Connect Protocol

Create sender.net.domain-authentication.json #501

Closed edgarsendernet closed 8 months ago

edgarsendernet commented 8 months ago

Made changes: published a public key for signing the template and created a variable for DMARC policy.

Our algorithm will work this way: before redirecting the user to the DNS provider, we check for the presence of a DMARC policy on the target domain. If there is one, we leave it unchanged by passing just the spf_dkim group. We created 2 groups (spf_dkim and dmarc) for this reason.

The reason for initially going with p=none is that we have noticed quite a few users who forget to authenticate other mail servers or tools that they are using, and then run into issues with mail delivery from those if DMARC is set to p=quarantine. After a transition period, we will start suggesting p=quarantine by default.
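The group selection described in the comment above, sketched as an added example; it is not part of the pull request or of sender.net's code. The variable name `dmarcPolicy` and the DNS provider URL are assumptions, `providerId` and `serviceId` are read off the template file name, and the caller supplies the TXT values found at `_dmarc.<domain>`.

```python
import re
from urllib.parse import urlencode

# A DMARC record starts with the version tag "v=DMARC1" (RFC 7489).
_DMARC_VERSION = re.compile(r"^\s*[vV]\s*=\s*DMARC1\s*(;|$)")

PROVIDER_ID = "sender.net"            # from the template file name
SERVICE_ID = "domain-authentication"  # from the template file name
POLICY_VAR = "dmarcPolicy"            # hypothetical name for the policy variable


def dmarc_records(txt_records):
    """Return the TXT values at _dmarc.<domain> that are DMARC records.

    An item may be a string or a list of character-strings (how resolvers
    return long TXT data); the parts are joined before matching.
    """
    found = []
    for rec in txt_records:
        text = rec if isinstance(rec, str) else "".join(rec)
        if _DMARC_VERSION.match(text):
            found.append(text)
    return found


def groups_to_apply(txt_records):
    """Leave an existing DMARC policy untouched by omitting the dmarc group."""
    if dmarc_records(txt_records):
        return ["spf_dkim"]
    return ["spf_dkim", "dmarc"]


def apply_url(url_sync_ux, domain, txt_records, policy="none"):
    """Build the unsigned synchronous apply URL for the selected groups.

    With syncPubKeyDomain set in the template, the query string still has
    to be signed and the sig and key parameters appended before redirecting.
    """
    groups = groups_to_apply(txt_records)
    params = {"domain": domain, "groupId": ",".join(groups)}
    if "dmarc" in groups:
        params[POLICY_VAR] = policy
    path = f"/v2/domainTemplates/providers/{PROVIDER_ID}/services/{SERVICE_ID}/apply"
    return url_sync_ux.rstrip("/") + path + "?" + urlencode(params)


if __name__ == "__main__":
    # Constructed sample: a domain that already publishes p=reject.
    existing = ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]
    print(apply_url("https://dns-provider.example", "example.com", existing))
    print(apply_url("https://dns-provider.example", "example.com", []))
```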

pawel-kow commented 8 months ago

@edgarsendernet don't get me wrong. I don't assess whether p=none is right or wrong, just that there is a potential for misuse, so either syncPubKeyDomain or warnPhishing should be set. Now that you added syncPubKeyDomain, all is ok on my side. You may also go with static p=none or keep the variable as it is now. Just let me know if the template is final for merge now.

edgarsendernet commented 8 months ago

The variable will let us be more flexible when rolling out p=quarantine.

The template is final, can be merged, thanks.