On 2020-08-10 7:24 p.m., John Levine wrote:
In article <2ef8e773e7bf467481a05ab3fc4d9...@bayviewphysicians.com> you write:
Even an external reputation system requires recipient
participation. That is why I suggested both a
send3="parameters" clause to indicate sender support for
third-party authorization and a verify3="parameters" clause to
indicate recipient support for third-party authentication. When
both are visible to the non-domain message source, that source
can have confidence that the message will be handled as
authorized. >
We have had a lot of attempts at third-party authorization schemes
going back at least to vouch-by-reference in 2009 and ATPS in 2012,
and the Spamhaus Whitelist in 2010. Every single one of them failed,
not due to technical problems, but because nobody was interested.
We can either try and understand what was wrong in those schemes, or
abandon authorization schemes forever.
Some schemes, e.g. SPF's include mechanism, seem to enjoy a decent
success.
PGP, GPG, and even personal CA certificates never became really
popular, so we could have concluded that digital signature aren't
worth considering for anti-spoof protocols. Yet, someone thought
about DKIM...
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
