Dear DMARC discussion,

It seems the proposed charter omitted considerations of a federation concept much like that of XMPP or single-sign-on but with one authority regarding abuse. A federation concept can offer an effective mitigation strategy for dealing with alignment issues. Methods to deal with spam are ineffective in this space so new tools must be considered.

There can be only one authority regarding abuse of the From header field, the DMARC domain. Concisely expressing this authority will inevitably be the price paid for continued acceptance of domain-specific alignment policy assertions. As such, these assertions must avoid the disruption of legitimate (not as currently defined by DMARC) messages, but as eventually determined upon review by the DMARC domain. DMARC needs to accommodate a broad spectrum of use while avoiding easily gamed methods.

Immediate elements likely needed might be to include a form sent the DMARC feedback requesting that a domain be informally federated. This might include details regarding the list of elements supported by the domain. Anyone interested in being a co-author?

Other issues might include:

- DMARC-based acceptance based on an extended definition.
- Federation request forms detailing adoption of the various authentication strategies (not just DKIM or SPF).
- Tracking federated domains to retain trust with follow-on conditions imposed when abuse is detected.

The following is a draft outlining this missing concept.

http://tools.ietf.org/html/draft-otis-tpa-label-04

We hope to find a large ISP willing to work with us at establishing a large-scale working prototype.

Regards,
Douglas Otis
