> What I gather from Vlatko's posts is that there is a use case where an
> entity (eg, a small business; called "ENTITY" below) wants its own
> domain (called "OWNDOM" below) referenced in correspondence, but
> prefers not to maintain a single presence (even as a VPS) on the
> Internet.

nope. that's not what i want.

i actually have a VPS for my personal domain. its MTA forwards all my email to my yahoo account, which i use to store, send, access from various places and ways and whatnow. actually, most of my IT colleagues have something like this done for themselves too. haven't we all?

the point is that i choose to trust a 3rd ESP for my email, not my VPS provider. why? uhhh, many reasons, does it even matter? as i said, it is my sole right to decide who i trust to handle my email, and i want DMARC to upgrade itself to be able to respect that.

anyway, what i propose is quite simple, pretty trivial and easy to implement, actually:

http://www.ietf.org/mail-archive/web/dmarc/current/msg00813.html

it also covers much more than just my use case; it covers use cases all falling into a group of DMARC 3rd party alignment support, at least on a small scale.

actually, small scale support is what DMARC is lacking, for most part. transactional email is all great and fine, but most important email is one between real ppl, and that part gets, in many use cases, excluded from protection provided by DMARC in current alignment requirements. while u can fix MLs with all those DMARC-compatible workarounds, u still can't fix many use cases used by small domains, which is, actually, most of the internet.

and my solution, being so easy, trivial, and quite simple to implement, solves all of that. also, it's easier than VBR, ATPS, TPA, TPA-Label, and moves trouble of authorizing legitimate email from receivers' error-prone, DMARC-policy-disrespecting, essential whitelisting to domain-owner's control, where it should be.

and since DMARC provides reporting on domain's email flow, domain-owners have everything they need to evaluate what 3rd party domains they would like to trust. also, since DMARC 3rd party support remains specified in their own DNS records, they have an easy and quick way of dismissing any turned-malicious actor as soon as they like.

what u r proposing, Stephen, instead, is not at all trivial or easy to implement, nor does it solve more than just my special use case. i am actually not advocating for it, cause it's rather a completely different ESP service from what's common practice now. is it better? maybe. however, worth implementing? doubtful.

--
Vlatko Salaj aka goodone
http://goodone.tk
