Murray took server too literally. I have expressed before that a system could do a sender authentication lookup on List-ID as easily as on From. In this respect, it is similar to Dave's proposal, without the added complexity of additional identifiers. So think "Registerd List-ID plus DKIM signature (or SPF, but DKIM seems both sufficient and preferable.)
I am not sure what "Internet Scale" means to you. Most of the major recipients have bulk mailer registration systems. It does not guarantee whitelisting, but it tends to produce that effect. I have had occasion to register with most of them. So "does not scale" is not obvious to me. Even more to the point, check out this link: https://blog.postmaster.verizonmedia.com/post/616023179026202624/increasing-relevance-performance-through-vto Verizon appears to be offering a service (probably for extra cost) which is based on: (a) a well-defined mail stream from a known sender, and (b) a mailbox user identifying that mail stream as subscribed, and therefore desirable. It appears that the target senders are retailers who want to ensure that their sale announcements are read before the sale is over. It is an "Internet scale" application of the type of registration I was suggesting: Well-identified senders, coupled with end-user endorsement, receive preferred treatment. As to the transparency question, it should be clear that there will be no simple solution to the ML problem. As long as mailing lists appear identical to a malicious spoofer, their only protection is their own sterling reputation. But the only way to establish an acceptable reputation is to either register with the receiver directly, or register with the sender in a way that the receiver will honor. Your proposal does nothing to distinguish mailing lists from malicious spoofers, so it does nothing to solve the problem. Mailing lists either need to send using the ML domain as the From address, not modify the message, or establish a credible reputation. There are no other possibilities on this side of FantasyLand. DF ---------------------------------------- From: Dave Crocker <d...@dcrocker.net> Sent: 8/2/20 5:29 PM To: IETF DMARC WG <dmarc@ietf.org> Subject: Re: [dmarc-ietf] non-mailing list use case for differing header domains On 8/2/2020 2:22 PM, Murray S. Kucherawy wrote: > Ignoring for the moment the problems of scale with any "register your > lists" solution, I don't think users can reasonably be expected to > keep such a registration current if, say, the servers were to move. > Such a migration would no longer be transparent, as it is today. +1 When someone proposes a scheme, it will help for them to list who the relevant actors must be and what they must do and then deal with the question of scaling. That is, how will it be possible for this to work at Internet scale? d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
