On May 29, 2014, at 5:05 PM, Kurt Andersen <kander...@linkedin.com> wrote:
> On 2014-05-29, 16:26 , "Hector Santos" <hsan...@isdg.net> wrote:
>
>> . . .the idea is to lookup a 3rd party domain for
>> authorization to sign or resign originating author domain mail.
>>
>> . . .The problem . . . is that . . . [i]t would not
>> scale for the larger domains
>
> I have to confess that I have not (yet) waded through the details of TPA
> or ASL or ATPS, but from a corporate perspective, it would be extremely
> unworkable for any but the smallest company to manage DNS records to
> whitelist every list server on the internet that my employees would happen
> to use.
>
> Even if I did, why would I want to give blanket permission for all of
> those list services to sign on my behalf? I doubt that I would trust them
> not to be exploited - even such a highly esteemed organization as IETF :-)

Dear Kurt,

There seems to be some confusion about how TPA-Labels would operate. It is an Authorization scheme. At no time would any other domain be able to sign on your behalf. It simply permits specific alignment exceptions regarding both domains and headers for those domains your company allows employees to use.

This could also be set up to automatically authorize mailing-lists used by your industry, and all outsourced services without exchanging any credentials or granting network access. I doubt any company executive will today blithely exchange credentials to permit an HVAC firm to submit invoices.

By requiring a Sender header field, Outlook will modify what is seen on the From header to say Intuit.com on behalf of Linkin.com when sending out invoices on your behalf. Recipients should not have a hard time understanding who both signed and sent the message. Most MUAs will even allow you to normally display the Sender header when it is there.

Would this be a major issue for Linkedin? At least there would be a far greater certainty rogue messages will continue to be rejected as desired.

Regards,
Douglas Otis

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc