In article <2ef8e773e7bf467481a05ab3fc4d9...@bayviewphysicians.com> you write: >>Even an external reputation system requires recipient participation. That >>is why I suggested both a send3="parameters" clause to >indicate sender support for third-party authorization and a >verify3="parameters" clause to indicate recipient support for third-party >authentication. When both are visible to the non-domain message source, >that source can have confidence that the message will be >handled as authorized.
We have had a lot of attempts at third-party authorization schemes going back at least to vouch-by-reference in 2009 and ATPS in 2012, and the Spamhaus Whitelist in 2010. Every single one of them failed, not due to technical problems, but because nobody was interested. The only third party reputation systems that anyone uses are DNSBLs like Spamhaus that publish negative reputations, and even there you can count the ones with non-trivial use on the fingers of one hand. With this in mind, I cannot see any point in designing yet another vouching or authorization scheme unless we have evidence that an interesting fraction of the world's mail systems want to use it. I don't see that, and honestly see no chance that we ever will. R's, John _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
