> I recall some earlier discussion about encoding information in From local
> part, but if for no other reason, automatic addition of new email addresses to
> contacts by some MUAs makes that highly problematic.

This trick also has patent problems.

> DNS query to message-id.yamfsidlocalpart._dmarc.domain. The sender then
> replies pass/fail/error.

I think you will find that this has impossible scaling problems, particularly if you care enough about security to use DNSSEC to deter the usual poisoning attacks. There have been a variety of proposals over the years that publish per-message data out of band, so the recipient can check and see if the message is OK, and they all have the same scaling problem.

Besides, you can get the same effect by taking whatever would be in that DNS record and putting it in the message, with a crypto signature to prove that it's real. The signature's validation key may come from the DNS, but that's OK since one validation key can be shared over many messages. We've just reinvented DKIM, perhaps with an extra field or two to include the yaimfs stuff. If you're worried about message mutations breaking the signature, don't sign the stuff that's likely to mutate.

R's,
John

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
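The argument above (one validation key in the DNS shared across many messages, the per-message data carried inside the message under a signature, and mutable headers left out of what is signed) can be demonstrated with a small DKIM-like signer and verifier. The code below is an added example written for this page; it is not John's code, not the proposal under discussion, and not DKIM itself. It assumes a constructed `x-sig` header in DKIM-style tag=value syntax, an Ed25519 key where DKIM would commonly use RSA, a simplified canonicalization rather than DKIM's relaxed canonicalization, a hypothetical `yaimfs` header as the "extra field or two", and an in-memory `KeyDirectory` standing in for DNS with a cache, so that the number of key lookups per message can be shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Message is a minimal mail message: lowercase header names to values, plus a body.
type Message struct {
	Headers map[string]string
	Body    string
}

// KeyDirectory stands in for DNS: one public key per (domain, selector),
// published once and reused for every message that names it. Lookups counts
// cache misses so the per-message cost of verification can be observed.
type KeyDirectory struct {
	keys, cache map[string]ed25519.PublicKey
	Lookups     int
}

func NewKeyDirectory() *KeyDirectory {
	return &KeyDirectory{keys: map[string]ed25519.PublicKey{}, cache: map[string]ed25519.PublicKey{}}
}

// Publish stores a key under a hypothetical record name (not a real DKIM label).
func (d *KeyDirectory) Publish(domain, selector string, pub ed25519.PublicKey) {
	d.keys[selector+"._yaimfskey."+domain] = pub
}

// Fetch models a caching resolver: only the first query for a key costs a lookup.
func (d *KeyDirectory) Fetch(domain, selector string) (ed25519.PublicKey, error) {
	name := selector + "._yaimfskey." + domain
	if pub, ok := d.cache[name]; ok {
		return pub, nil
	}
	d.Lookups++
	pub, ok := d.keys[name]
	if !ok {
		return nil, errors.New("no key record for " + name)
	}
	d.cache[name] = pub
	return pub, nil
}

// signedHeaders is what the signer commits to. Subject and the body are left
// out on purpose: they are the parts mailing lists are likely to rewrite.
var signedHeaders = []string{"from", "date", "message-id", "yaimfs"}

// canonicalize builds the signed bytes: sorted "name:value" lines with runs of
// whitespace folded, then the key locator and header list, so a signature
// cannot be replayed under another domain/selector or a shorter header set.
func canonicalize(m Message, domain, selector string, names []string) []byte {
	sorted := append([]string(nil), names...)
	sort.Strings(sorted)
	var b strings.Builder
	for _, n := range sorted {
		fmt.Fprintf(&b, "%s:%s\n", n, strings.Join(strings.Fields(m.Headers[n]), " "))
	}
	fmt.Fprintf(&b, "d=%s;s=%s;h=%s\n", domain, selector, strings.Join(sorted, ":"))
	return []byte(b.String())
}

// Sign returns a copy of m carrying an x-sig header with the key locator,
// the covered header list and the base64 Ed25519 signature.
func Sign(m Message, domain, selector string, priv ed25519.PrivateKey) Message {
	out := Message{Headers: map[string]string{}, Body: m.Body}
	for k, v := range m.Headers {
		out.Headers[k] = v
	}
	sig := ed25519.Sign(priv, canonicalize(out, domain, selector, signedHeaders))
	out.Headers["x-sig"] = fmt.Sprintf("d=%s; s=%s; h=%s; b=%s", domain, selector,
		strings.Join(signedHeaders, ":"), base64.StdEncoding.EncodeToString(sig))
	return out
}

// Verify parses x-sig, fetches (or reuses) the named key, insists that From is
// covered, and checks the signature over the covered headers as they arrived.
func Verify(m Message, dir *KeyDirectory) error {
	tags := map[string]string{}
	for _, part := range strings.Split(m.Headers["x-sig"], ";") {
		if kv := strings.SplitN(strings.TrimSpace(part), "=", 2); len(kv) == 2 {
			tags[kv[0]] = kv[1]
		}
	}
	if tags["d"] == "" || tags["s"] == "" || tags["h"] == "" || tags["b"] == "" {
		return errors.New("missing or malformed x-sig header")
	}
	covered := strings.Split(tags["h"], ":")
	if !strings.Contains(":"+tags["h"]+":", ":from:") {
		return errors.New("signature does not cover From") // a verifier must require this
	}
	pub, err := dir.Fetch(tags["d"], tags["s"])
	if err != nil {
		return err
	}
	sig, err := base64.StdEncoding.DecodeString(tags["b"])
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, canonicalize(m, tags["d"], tags["s"], covered), sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

// Demo signs n constructed messages under one published key and verifies each
// as sent, after a list-style Subject rewrite (unsigned, so it still passes),
// and after a From rewrite (signed, so it is rejected). It returns the counts
// plus how many key lookups the verifier needed for all n messages.
func Demo(n int) (passed, rejected, lookups int, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return 0, 0, 0, err
	}
	dir := NewKeyDirectory()
	dir.Publish("example.com", "s1", pub) // one record serves every message
	for i := 0; i < n; i++ {
		m := Sign(Message{Headers: map[string]string{ // constructed sample headers
			"from": "alice@example.com", "date": "Mon, 1 Jan 2024 00:00:00 +0000",
			"message-id": fmt.Sprintf("<%d@example.com>", i),
			"yaimfs": "v=1; constructed", "subject": "hello",
		}}, "example.com", "s1", priv)
		if Verify(m, dir) == nil {
			passed++
		}
		m.Headers["subject"] = "[dmarc] hello" // mutation of an unsigned header
		if Verify(m, dir) == nil {
			passed++
		}
		m.Headers["from"] = "mallory@example.net" // mutation of a signed header
		if Verify(m, dir) != nil {
			rejected++
		}
	}
	return passed, rejected, dir.Lookups, nil
}

func main() {
	p, r, l, err := Demo(5)
	if err != nil {
		panic(err)
	}
	fmt.Printf("verified %d, rejected %d tampered, key lookups %d\n", p, r, l)
}
```

Running it shows the two properties the post relies on: the Subject rewrite does not disturb verification because Subject is outside the `h=` list, while the From rewrite is caught, and all five messages are verified against a single key lookup, which is what a per-message DNS record cannot offer. The check that `from` is inside the covered header list is the caveat a verifier must keep, since a signer who omits From leaves the one header the recipient cares about unprotected.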
