On 7/30/20 2:47 PM, superu...@gmail.com wrote: > Email domains that have more than a few users don't want to authorize > every potential 3rd party (converges quickly to all of them, for > large/complex organizations) to sign as every user/address in the domain. > Even if SPF didn't have the 10 DNS lookup limitation, I would not choose put > every 3rd party into our domains' SPF records. I'd essentially be > authorizing most of the [legitimate] internet to use the domains. > > > Yes, it has this scaling problem. Had it been shown to be effective at > dealing with the indirect mail flows issues that DMARC forced to be > front-and-center a few years later, I imagine we could've revised ATPS to be > more scalable.
I almost suggested that an address-level authorization mechanism would be useful, but that seems un-scalable for manageability reasons. Jesse _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc