On 8/20/20 4:00 PM, blong=40google....@dmarc.ietf.org wrote: > Neither atps or spf include are really designed for large scale usage
That's my conclusion, as well. I don't want to authorize every potential MLM to use all addresses in all of our domains cart blanch, even if I would otherwise trust them (e.g. their purported ARC results). I *do* want to authorize our *own* MLM(s) to use our own domains for *internal* use... so I thought for a minute... maybe ATSP has merit for small scale usage, as an alternative to SPF include? But no, I don't know if any MLM has a way to check to see if they are authorized via any mechanism, so they will continue to munge the From header for our DMARC-enabled domains anyway. So, for this *internal* use case, maybe I'll just check the ARC result from the trusted MLM and replace the From header with the value of Reply-to/X-Original-From, and call it a day. Jesse _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc