On 4/14/2015 12:53 PM, Douglas Otis wrote:
> Dear Scott and Hector,
>
> DMARC offers feedback to help identify where a listing is
> needed. This list can be placed in DNS using hash labels
> and TSIG, for example.

Sure Doug, yes, there are ways to automate this. The feedback is there
and scripts can be written.

> Since mailing-lists are likely to receive special handling,
> it might be assumed that those allowed to post have been
> limited by subscription. Since a mediator may share a
> domain having other uses, TPA-Label is able to differentiate
> them to close a subscription gap. Any scheme to enable a
> third-party must be very concerned about restricting
> access. How would you envision access be restricted with
> draft-kucherawy-dkim-delegate or
> draft-levine-dkim-conditional? In many cases, the From is
> already being munged.

Too complicated.

One assertion needs to be tested:

    Does the ADID authorize the SDID?

You can query the ADID DNS database for this. How that data gets
there is a whole different issue. In the meantime, the WG should
work on the DMARC protocol making it ready for a 3rd party
authorization method. Doug, TPA is too complicated. I am not
convinced it does anything more than what a simpler ATPS will offer or
a basic Yes/No Query of the ADID/SDID. TPA is essentially the same
lookup method but you tied extra meaning. I don't think it's necessary.

Nonetheless, let's propose a new "sam=" tag in DMARC, "Signature
Authorization Method"

    v=DMARC1; sam=tpa|atps|fs

This allows for the intelligent receiver to explore and learn which is
the best method.

--
HLS
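
The Yes/No check described in the message above, as an added example that is not part of the original post or of any DMARC implementation. It assumes the proposed "sam=" tag (not part of DMARC) carries a "|"-separated list, uses the RFC 6541 ATPS query name for the lookup, and replaces DNS with a constructed dictionary of TXT records; all function names are hypothetical.

```python
import base64
import hashlib

KNOWN_METHODS = ("tpa", "atps", "fs")  # the three values named in the proposal

def parse_tags(record):
    """Parse a 'tag=value; tag=value' TXT record into a dict."""
    tags = {}
    for part in filter(None, (p.strip() for p in record.split(";"))):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip().lower()] = value.strip()
    return tags

def signature_auth_methods(dmarc_record):
    """Return the recognised sam= methods, in the order the ADID listed them."""
    tags = parse_tags(dmarc_record)
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    # Assumption: "|" separates several advertised methods.
    listed = [m.strip().lower() for m in tags.get("sam", "").split("|")]
    return [m for m in listed if m in KNOWN_METHODS]

def atps_query_name(adid, sdid, hash_alg="sha1"):
    """RFC 6541 name: base32(hash(lowercased SDID))._atps.ADID."""
    sdid = sdid.lower().rstrip(".")
    if hash_alg == "none":
        label = sdid
    elif hash_alg in ("sha1", "sha256"):
        digest = hashlib.new(hash_alg, sdid.encode("ascii")).digest()
        # Assumption: base32 padding is dropped from the DNS label.
        label = base64.b32encode(digest).decode("ascii").rstrip("=")
    else:
        raise ValueError(f"unsupported hash: {hash_alg}")
    return f"{label}._atps.{adid.lower().rstrip('.')}"

def adid_authorizes_sdid(adid, sdid, zone):
    """Yes/No: does the ADID publish sam=atps and an ATPS record for this SDID?"""
    dmarc = zone.get(f"_dmarc.{adid.lower()}")
    if dmarc is None or "atps" not in signature_auth_methods(dmarc):
        return False
    txt = zone.get(atps_query_name(adid, sdid))
    return txt is not None and parse_tags(txt).get("v") == "ATPS1"

# Constructed zone data standing in for DNS TXT lookups.
ZONE = {
    "_dmarc.example.com": "v=DMARC1; p=reject; sam=atps|tpa",
    atps_query_name("example.com", "lists.example.net"): "v=ATPS1; d=lists.example.net",
    "_dmarc.example.org": "v=DMARC1; p=reject",
}
```

An SDID with no matching record under the ADID, or an ADID that does not advertise "atps", yields a plain "no".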