Alessandro observed: >> However, that kind of hush hush is not deterministic, since the >> protocol does not define the "external information". Providing for a >> URL pointing to such external source might help.
Even an external reputation system requires recipient participation. That is why I suggested both a send3="parameters" clause to indicate sender support for third-party authorization and a verify3="parameters" clause to indicate recipient support for third-party authentication. When both are visible to the non-domain message source, that source can have confidence that the message will be handled as authorized. We have a very complete specification for ATSP signature delegation. Do we have a similar document for your RHSWL approach? Do we have a similar document for lookup into a trusted-forwarders list, assuming a service like that can be revived? If ATSP and RHSWL solve essentially the same problem, we need to do an analysis of which is more likely to succeed, and proceed with that winner. Third-party lookup is a very different approach than ATSP, so they can supplement each other. DF
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
