On Mon, Aug 10, 2020 at 1:24 PM John Levine <jo...@taugh.com> wrote: > In article <2ef8e773e7bf467481a05ab3fc4d9...@bayviewphysicians.com> you > write: > >>Even an external reputation system requires recipient participation. > That is why I suggested both a send3="parameters" clause to > >indicate sender support for third-party authorization and a > verify3="parameters" clause to indicate recipient support for third-party > >authentication. When both are visible to the non-domain message > source, that source can have confidence that the message will be > >handled as authorized. > > We have had a lot of attempts at third-party authorization schemes > going back at least to vouch-by-reference in 2009 and ATPS in 2012, > and the Spamhaus Whitelist in 2010. Every single one of them failed, > not due to technical problems, but because nobody was interested. > > The only third party reputation systems that anyone uses are DNSBLs > like Spamhaus that publish negative reputations, and even there you > can count the ones with non-trivial use on the fingers of one hand. > > With this in mind, I cannot see any point in designing yet another > vouching or authorization scheme unless we have evidence that an > interesting fraction of the world's mail systems want to use it. I > don't see that, and honestly see no chance that we ever will. > > R's, > John > > +1
Michael Hammer
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc