On 7/30/20 2:47 PM, superu...@gmail.com wrote:
>     Email domains that have more than a few users don't want to authorize 
> every potential 3rd party (converges quickly to all of them, for 
> large/complex organizations) to sign as every user/address in the domain.  
> Even if SPF didn't have the 10 DNS lookup limitation, I would not choose put 
> every 3rd party into our domains' SPF records.  I'd essentially be 
> authorizing most of the [legitimate] internet to use the domains.
> 
> 
> Yes, it has this scaling problem.  Had it been shown to be effective at 
> dealing with the indirect mail flows issues that DMARC forced to be 
> front-and-center a few years later, I imagine we could've revised ATPS to be 
> more scalable.

I almost suggested that an address-level authorization mechanism would be 
useful, but that seems un-scalable for manageability reasons.

Jesse

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc

Reply via email to