On May 8, 2014, at 11:34 AM, Shal Farley <[email protected]> wrote:
> Douglas, > > > A marketing advantage would be afforded to domains willing to do the > > "right thing" by indicating to recipients via a lightweight > > transaction whether a specific domain should be excluded from > > receiving a reject or quarantine. > > I know nothing of the legal argument, but as an email user I would argue that > should be a Sender domain, instead of or alternative to a From domain. That > would let me exclude the email lists of which I'm a member. > > That is, I'm perfectly content to let DMARC take out all the scam/spam > messages with forged AOL addresses, even those pretending to be from lists. I > expressly do /not/ want to whitelist all of AOL. But I want to allow into my > Inbox messages from AOL via lists that I know. It would be icing on this cake > if the list's own SPF or DKIM signature (if present) were used to > authenticate that the message came via the list I know. > > Making the whitelist personal to each receiving user avoids the costs and > other disadvantages of setting up a "list authority", but it does violate the > "you can't teach the user anything" principle, and it is also outside the > scope of DMARC itself. Dear Shal, Sorry about being slow to respond. I am working on a document that should permit Author-Domains a means to assert exceptions permitted for specific authenticated domains (based on their review of DMARC feedback as a means to permit actual user behaviors.). This is information recipients simply do not have and represents something that only the Author-Domain should be making. Authentication can use any number of methods such as SPF, DKIM, or even TLS and also stipulate content of a List-ID and/or Sender header field. I should have a version ready shortly to be published as an I-D. This might move rfc6541 to historic (if things go well). Regards, Douglas Otis _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
