(adding to the comments already posted...) On 5/21/2018 8:29 AM, Pete Holzmann via dmarc-discuss wrote:
* From 'R's perspective, they simply want those emails to show up in their "other inbox"
Most of the anti-spam technical work has focused on transport-related mechanisms, without much attention to end-user effects, other than reducing abuse. So, for example, possible changes in the user experience of standard email semantics, such as making threading or sorting problematic, hasn't been part of the discussion. The main argument for this is the very real fact that abuse has been crippling the system.
In a perfect world all software will perfectly implement DMARC. In the meantime, users get frustrated and email gets blocked.
Indeed. The original work on DMARC was for limited use, by large/bulk senders directly to recipients. The problems caused by re-posting the message, such as through a mailing list, were well-understood at the time. What happened, eventually, was that DMARC use was expanded to cover p2p mail, for which is creates more extensive problems. The expanded use was, again, in response to a service survivability threat.
*QUESTIONS:* 1) Is anyone working to solve these issues?
As noted, there is hope that ARC will help. I view ARC as a worthy experiment,. It's like but I expect its large-scale operation to be at least challenging. I suspect it will have complexities and fragilities that are significant.
2) Has there been consideration of a forwarding token that could validate all such emails?
There have been many alternatives considered. For starters, basic ideas always sound appealing but wind up suffering a death blow as soon as the idea is considered in detail, in terms of operational usability. That's not meant to discourage considering new ideas, but rather caution against thinking anything useful will be easy.
*SUGGESTION: * a) Since user+al...@dom.ain is a valid alias for u...@dom.ain ...
To emphasize the comments already made on this: It is an alias only if the hosting domain interprets it that way. There are no Internet standards for this, which has generally been beneficial, albeit also having some limitations. (FWIW, some years ago, there was a discussion about possibly standardizing some aspects of left-hand-side (mailbox) interpretation, but it stalled.)
b) Why not create a standard for personal forwarding authentication tokens? I.e.
I don't know what means exactly. (cf, above.) Feel free to post a note with the idea more fleshed out, in design and operations terms; that is, how would it work, exactly; consider which actors are involved, what they have to do, and what will convince them to do it. On the average, schemes are far more challenging to get adopted, by critical actors and to make operational for the long term at at scale, than people realize.
There have been some previous proposals that might be similar to what you have in mind, but I can't tell.
d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
