DKIM2 and DMARCbis Have Landed
- Infrastructure
- Security
- Standards
- Open Source
The post announced that DKIM2 and DMARCbis have now landed, with the pitch that they modernize email authentication without throwing away the current stack. The practical change is that email systems get better ways to preserve authentication when messages are forwarded, rewritten by mailing lists, or otherwise touched in transit. That is the part the existing DKIM and DMARC world has handled badly for years. Several people pointed out that this is not really about making email harder for small operators. It is mostly a cleanup of brittle behavior that already punishes normal workflows and keeps domains from enforcing stricter anti-spoofing policies.
If you run email for your company, plan for these updates as compatibility work rather than a strategic reset. They should reduce pain around forwarding and list traffic, but they will not solve the bigger operational problem that Microsoft, Google, and other large receivers still gate delivery with opaque reputation systems.
-
stalw.art
- Discuss on HN