I proposed internally a scheme where we would compute a reputation for mailing lists, and ones which are sufficiently high will be whitelisted for DMARC. The issue that was presented to me is spear phishing attacks through mailing lists (which we've seen) ...
Eww. My lists are set up so that they trap anything with DMARC failures on the way in (it uses the regular taboo words check on the A-R header) but I suppose an OAR would be a reasonable token of good faith.
R's, John _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
