it seems to me that many of DMARC defenders don't understand main points of proposed 3rd party solutions, confusing them for ML solutions, and thus dismissing them altogether.
while it's true 3rd party support for DMARC would be able to solve ML DMARC problems, that path would most likely be used only by small domains, whose users rely heavily on mailing lists, and where there's already some trust between domain-owner and MLs. it's surely not a ML solution for entities like ESPs. that doesn't mean it's not possible, even for domains such as Yahoo. it merely means such domains would prefer to rely on simple and performance friendly rigid logic. however, that, again, doesn't mean 3rd party support isn't REQUIRED. i have no idea why it's not obvious to so many experts here, but my best guess is that their viewpoints are limited by their own environment. most of u seem to look at the problem from ur big towers, trying to create a protocol that suits ur big towers. however, many small buildings get smashed while u do so. not very nice. small domains do such extensive and complex things with their email path, one would find crazy, and for multiply of reasons: to suit their needs, their users, their finances, u name it. and it's all pretty legitimate and standards-respecting. yet, they r being excluded. excluded cause they r not a big tower environment. very shortsighted, if u ask me. there's only so many big towers; world is populated with houses. so, to me, it's obvious current DMARC alignment requirements are just too rigid for real world, and anyone who doesn't realize it is not only cracking down on the usefulness of email, but in a way, sinking their own ship [and i'm looking at yahoo here]. btw, i can already see cpanel/plesk/whatever developers ignoring support for DMARC in their software, limiting it only to DNS records publishing, without any receiver support. and i can see many receivers disrespecting p=reject altogether from overzealous domains, turning the protocol into whitelisting, essentially. nobody wants to break their customers email with a rigid standard [excluding 200kg gorillas in a porcelain shop]. ps. to state an example, if anybody doesn't get it. i have trust in ymail to send email on behalf of my domain, and i want a way to state that in my DMARC policy. pps. and no, there's no abuse hole there. ymail verifies ownership of an email address added to yahoo account, and only the account that verified it can send such email through ymail. am i crazy to trust ymail on such things? maybe, but that's solely my decision. not DMARC's. -- Vlatko Salaj aka goodone http://goodone.tk _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
