Vlatko Salaj writes: > sure, [my proposal] doesn't scale well to support more than a dozen > domains, which isn't a complete solution for mailing lists, but it > can be used in special cases when u have mailing lists that > can't/won't adapt to DMARC in any other possible or suggested way, > and u can't use any other developed workaround. > > also, this whitelisting solution does fix quite a few other > use cases that DMARC without any 3rd party support simply > has to exclude. and most of those, if not all, r small scale > use cases, majority of worldwide scenarios.
OK, I guess I'll have to take a closer look at the idea. > however, such practice essentially dismantles any strength DMARC > has, cause once services start treating reject as > anything-but-not-reject, it will become a common practice, and > puff... away goes strong phishing protection. I think you dramatically underestimate the intelligence that will be applied to this by the big mailbox providers. First, the most vulnerable domains and users (banks and their clients) are reasonably easy to identify, and reject will continue to be treated as reject for those Author Domains. Second, use of "p=reject" by public mailbox providers has so far been associated with security issues, and other public mailbox providers (eg, Comcast) have made a point of dissociating themselves from "p=reject". It will be difficult for them to adopt it -- unless they find themselves in a desperate security situation like AOL and Yahoo! did. > why? cause it will enable domain-owner to specify services it > considers more or less, but, trustworthy enough, to deliver its > mail. I don't think it's that easy -- the domains that matter most are the big public providers and ISPs. The domain-based 3rd-party auth schemes have a severe scaling problem in those cases. I think the dkim-delegate scheme actually is likely to scale better, and adapt better to individual user needs. _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
