Murray S. Kucherawy writes: > we'd need to see some hope that widespread deployment is likely. > But we still have that pesky registration problem to deal with.
IMO there is no registration problem for mailing lists for this WG. True, if big p=reject domains won't buy in, it's probably not worth our effort to even think about it. But if they *are* willing to buy in, registering a *lot* of mailing lists, probably the great majority, requires only parsing the List-Post header out of incoming posts, then adding this to a global list or to the subscriber's profile. Indeed, registration itself is a cost, a small amount of storage space per user, a user database schema change I suppose, plus the changes to the MTA (or MUA or MDA/submission agent) to hook into the user data base to update the users' lists of lists and access them for third- party authorization. But these aren't huge changes, the costs can be estimated reasonably accurately I suppose, and I doubt they are prohibitive. This automated registration scheme may provide a vector for abuse (the spammer can get any address registered they like), but in the per-user case it's limited to one user, and only posts originating in the Author Domain can get the authorizing signature. Paranoid Author Domains might even overlay an "explicit opt-in" scheme to reduce the attack surface. Getting lists that don't provide List-Post would require some manual scheme, but I don't see that as a huge barrier either. The point is not that *we* should "standardize" such a scheme, just that it's feasible to automatically register enough of the lists actually in use by a domain's mailbox users to be worthwhile. For mailing lists, registration is not *our* problem. _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
