Dear DMARC WG,

A draft has been submitted for review. It covers past failures while also providing a path forward.

I have experience with similar systems operating at much higher scale without difficulty or using much in the way of resources. Serving several very large ISPs' worth of users making queries against every received message that then returned about 2 billion unique resource responses. Originally, the service was free.

In the wake of a massive compromise of accounts, some fairly large ISPs are doing perhaps the only thing that is not (yet) ignored, DMARC. However, this new scheme only needs to sustain queries against already validated third-party domains, but that then fail DMARC alignment assertions. The number of resource records likely needed by large ISPs will be in the 10s of thousands. For smaller domains, this will likely only be a handful.

Domains asserting DMARC alignment practices are receiving cooperative feedback from many receivers who are also acting on behalf of these domains to either reject or quarantine non-aligned messages. Comparing this feedback against their own outbound logs should permit fairly automatic alignment exception list creation that can then be kindly offered to their cooperative receivers.

These records permit several mitigation strategies in the case of trouble. This scheme should reduce the amount of feedback collected or support required to deal with broken services. This can be done by creating an informal federation of third-party providers. Perhaps one of the requirements for being included in the federation would be to provide normal DMARC feedback. ;^)

http://tools.ietf.org/pdf/draft-otis-tpa-label-00.pdf

Regards,
Douglas Otis
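
The comparison of DMARC feedback against outbound logs described in the message above, as an added example that is not part of the original message or the draft. It assumes RFC 7489 aggregate-report XML and a hypothetical per-recipient-domain summary of the sender's outbound log; `candidate_exceptions`, `REPORT` and `OUTBOUND` are illustrative names and all data is constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed aggregate report (RFC 7489 format) received for example.com.
REPORT = """<feedback>
<record><row><source_ip>192.0.2.10</source_ip><count>40</count>
  <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><dkim><domain>lists.example.org</domain><result>pass</result></dkim>
    <spf><domain>lists.example.org</domain><result>pass</result></spf></auth_results></record>
<record><row><source_ip>198.51.100.7</source_ip><count>500</count>
  <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><dkim><domain>bulk.example.net</domain><result>pass</result></dkim></auth_results></record>
<record><row><source_ip>203.0.113.5</source_ip><count>900</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><dkim><domain>example.com</domain><result>pass</result></dkim></auth_results></record>
<record><row><source_ip>203.0.113.99</source_ip><count>7</count>
  <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><spf><domain>unknown.example</domain><result>fail</result></spf></auth_results></record>
</feedback>"""

# Constructed outbound-log summary: recipient domain -> messages our users sent there.
OUTBOUND = {"lists.example.org": 12, "partner.example": 3}

def candidate_exceptions(report_xml, outbound):
    """Split validated-but-unaligned third-party domains into those our own
    users mail (exception candidates) and those they do not (left alone)."""
    failures = Counter()
    for rec in ET.fromstring(report_xml).iter("record"):
        pe = rec.find("row/policy_evaluated")
        if "pass" in (pe.findtext("dkim"), pe.findtext("spf")):
            continue  # DMARC-aligned, nothing to except
        count = int(rec.findtext("row/count"))
        # Domains the receiver authenticated (DKIM or SPF pass), counted once per row.
        validated = {a.findtext("domain", "").lower()
                     for a in rec.findall("auth_results/*")
                     if a.findtext("result") == "pass"}
        for dom in validated - {""}:
            failures[dom] += count
    known = {d: n for d, n in failures.items() if d in outbound}
    unknown = {d: n for d, n in failures.items() if d not in outbound}
    return known, unknown

if __name__ == "__main__":
    print(candidate_exceptions(REPORT, OUTBOUND))
```

Domains in the second dictionary authenticated at the receiver but do not appear in the outbound log, so they are kept off the exception list and left to normal DMARC handling.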