>Doesn’t this come back to the whitelist idea? For the green bar SSL certs
>(Extended Validation), the certs have a bunch of information encoded in it,
>and the browsers have a list of CA’s that they trust. AFAIK, the only way to
>do that for email is through DKIM but you wouldn’t highlight all DKIM-signed
>email, only DKIM-signed email that you trust which is compared against a
>whitelist.

> Yes, definitely. See RFC 5518 for one approach.

This makes sense. We were talking about whitelists and DMARC a couple of weeks ago wherein if a message fails DMARC yet comes from a certain domain/IP, do not enforce DMARC. This sounds just like VBR. From Section 3 of RFC 5518 (http://www.ietf.org/rfc/rfc5518.txt):

====
3. Validation Process

A message receiver uses VBR to determine certification status by following these steps:

<snip>

3. Obtains the name of a vouching service that it trusts, either from among the set supplied by the sender or from a locally defined set of preferred vouching services
====

Presumably, if VBR is already an RFC, why couldn't DMARC integrate with it? As a large receiver I would never trust a set supplied by the sender, but if I had a handful of locally defined vouching services, then I could use that to bypass a DMARC enforcement in the event that the message passes SPF and DKIM, yet fails alignment.

--Terry

_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
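
The override described in the message above, sketched as an added example that is not part of the original post or of any DMARC or VBR implementation. The `md`/`mc`/`mv` tags and the `<domain>._vouch.<service>` TXT query come from RFC 5518; the domain names, the `FAKE_DNS` table standing in for DNS, and the assumption that `aligned` and the set of SPF/DKIM-authenticated domains are computed elsewhere are all constructed for illustration.

```python
# Added example; domains and the DNS table below are constructed.
TRUSTED_VOUCHERS = ("vouch.example",)   # receiver's locally defined set
FAKE_DNS = {                            # stands in for TXT lookups
    "lists.example._vouch.vouch.example": "list transaction",
    "lists.example._vouch.sender-picked.example": "all",
}
QUERIES = []                            # records every name looked up

def lookup_txt(name):
    QUERIES.append(name)
    return FAKE_DNS.get(name, "")

def parse_vbr_info(value):
    """Split a VBR-Info header value into its md/mc/mv tags."""
    tags = {}
    for element in value.split(";"):
        key, sep, val = element.partition("=")
        if sep:
            tags[key.strip().lower()] = val.strip().lower()
    return tags if "md" in tags and "mc" in tags else None

def vouched_by(vbr_header, authenticated_domains, lookup=lookup_txt):
    """Return the local vouching service that certifies md for mc, or None."""
    vbr = parse_vbr_info(vbr_header or "")
    # md is only a claim until SPF or DKIM has authenticated that domain.
    if vbr is None or vbr["md"] not in authenticated_domains:
        return None
    # The sender's mv list is ignored: only local services are queried.
    for service in TRUSTED_VOUCHERS:
        types = lookup(f"{vbr['md']}._vouch.{service}").lower().split()
        if "all" in types or vbr["mc"] in types:
            return service
    return None

def disposition(spf_pass, dkim_pass, aligned, policy, vbr_header, auth_domains):
    """DMARC result with the override limited to the case in the message."""
    if aligned:
        return "pass"
    if spf_pass and dkim_pass:          # authenticated, but not aligned
        service = vouched_by(vbr_header, auth_domains)
        if service:
            return "override:" + service
    return policy                       # otherwise enforce p= as published

if __name__ == "__main__":
    hdr = "md=lists.example; mc=list; mv=sender-picked.example"
    print(disposition(True, True, False, "reject", hdr, {"lists.example"}))
```

Recording the vouching service in the result keeps each bypass attributable to a specific local trust decision when overrides are audited later.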