On Thu, Jul 30, 2020 at 10:26 AM Jesse Thompson <jesse.thompson= 40wisc....@dmarc.ietf.org> wrote:
> I admittedly know nothing about ATPS, but I think its fundamental problem
> is that it authorizes 3rd parties at the domain level and that makes it not
> much better than SPF, just different.
>

Translated into IETF-ese: "I have not read your document but I do have an opinion about it..." ;-)

Seriously though, yes, that's correct. Note that its status is Experimental; the goal was to see if this was a useful thing to implement and upon which to iterate if the experiment yielded positive results. But I think there were only ever about two implementations.

> Email domains that have more than a few users don't want to authorize every
> potential 3rd party (converges quickly to all of them, for large/complex
> organizations) to sign as every user/address in the domain. Even if SPF
> didn't have the 10 DNS lookup limitation, I would not choose to put every 3rd
> party into our domains' SPF records. I'd essentially be authorizing most
> of the [legitimate] internet to use the domains.
>

Yes, it has this scaling problem. Had it been shown to be effective at dealing with the indirect mail flows issues that DMARC forced to be front-and-center a few years later, I imagine we could've revised ATPS to be more scalable.

-MSK