Dear DMARC WG,

A draft has been submitted for review. It covers past failures while also
providing a path forward.

I have experience with similar systems operating at much higher scale without
difficulty or using much in the way of resources. Serving several very large
ISPs' worth of users making queries against every received message that then
returned about 2 billion unique resource responses. Originally, the service was
free.

In the wake of a massive compromise of accounts, some fairly large ISPs are
doing perhaps the only thing that is not (yet) ignored, DMARC.

However, this new scheme only needs to sustain queries against already
validated third-party domains, but that then fail DMARC alignment assertions.
The number of resource records likely needed by large ISPs will be in the 10s
of thousands. For smaller domains, this will likely only be a handful.

Domains asserting DMARC alignment practices are receiving cooperative feedback
from many receivers who are also acting on behalf of these domains to either
reject or quarantine non-aligned messages. Comparing this feedback against
their own outbound logs should permit fairly automatic alignment exception list
creation that can then be kindly offered to their cooperative receivers. These
records permit several mitigation strategies in the case of trouble. This scheme
should reduce the amount of feedback collected or support required to deal with
broken services. This can be done by creating an informal federation of
third-party providers. Perhaps one of the requirements for being included in
the federation would be to provide normal DMARC feedback. ;^)

http://tools.ietf.org/pdf/draft-otis-tpa-label-00.pdf

Regards,
Douglas Otis
_______________________________________________
dmarc-discuss mailing list
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
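
Added example, not part of the original message or of the draft: one way a domain owner could compare DMARC aggregate feedback against its own outbound logs to shortlist third-party domains for an alignment exception list. The report fragment, the log list, the `candidate_exceptions` name and the `min_count` threshold are all constructed assumptions; publishing the result in the draft's record format is out of scope here.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed DMARC aggregate report (RFC 7489 element names); all values made up.
REPORT = """<feedback>
<record><row><count>40</count><policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
 <identifiers><header_from>isp.example</header_from></identifiers>
 <auth_results><dkim><domain>lists.example.org</domain><result>pass</result></dkim></auth_results></record>
<record><row><count>500</count><policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
 <identifiers><header_from>isp.example</header_from></identifiers>
 <auth_results><dkim><domain>bulk.example.com</domain><result>pass</result></dkim></auth_results></record>
<record><row><count>900</count><policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
 <identifiers><header_from>isp.example</header_from></identifiers>
 <auth_results><dkim><domain>isp.example</domain><result>pass</result></dkim></auth_results></record>
<record><row><count>3</count><policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
 <identifiers><header_from>isp.example</header_from></identifiers>
 <auth_results><spf><domain>partner.example.net</domain><result>pass</result></spf></auth_results></record>
</feedback>"""

# Constructed outbound log extract: recipient domains our own users mailed.
OUTBOUND_RCPT_DOMAINS = ["lists.example.org", "partner.example.net", "lists.example.org"]

def candidate_exceptions(report_xml, our_domain, outbound_domains, min_count=10):
    """Third-party domains that validated on their own, failed alignment with
    our From domain, and that our users really sent mail to."""
    sent_to = {d.lower() for d in outbound_domains}
    tally = Counter()
    for rec in ET.fromstring(report_xml).iter("record"):
        if rec.findtext("identifiers/header_from", "").lower() != our_domain:
            continue
        pe = rec.find("row/policy_evaluated")
        if pe is None or "pass" in (pe.findtext("dkim"), pe.findtext("spf")):
            continue  # aligned (or unreadable) record: no exception needed
        count = int(rec.findtext("row/count", "0"))
        validated = {a.findtext("domain", "").lower()
                     for a in rec.findall("auth_results/*")
                     if a.findtext("result") == "pass"}
        # Only domains seen in our outbound logs qualify; a validated domain
        # we never mailed (bulk.example.com above) stays subject to policy.
        for dom in validated & sent_to:
            tally[dom] += count
    return sorted(d for d, n in tally.items() if n >= min_count)

if __name__ == "__main__":
    print(candidate_exceptions(REPORT, "isp.example", OUTBOUND_RCPT_DOMAINS))
```

Domain comparison here is exact-match; handling subdomains of a validated domain is left as a policy decision for the domain owner.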