Something seems inconsistent: - The people who have implemented DMARC do not see any significant problems, and as a result they are not interested in a third-party authorization scheme.
- Yet adoption is very slow, especially for anything other than p=none Are we to assume that mailing list compatibility explains the slow adoption? If not, what other obstacles do we need to be considering? DF ---------------------------------------- From: "Murray S. Kucherawy" <superu...@gmail.com> Sent: 8/24/20 11:21 AM To: Brandon Long <bl...@google.com> Cc: IETF DMARC WG <dmarc@ietf.org>, Tim Draegen <t...@eudaemon.net>, Alessandro Vesely <ves...@tana.it> Subject: Re: [dmarc-ietf] third party authorization, not, was non-mailing list On Thu, Aug 20, 2020 at 2:01 PM Brandon Long <bl...@google.com> wrote: I tend to agree with the negative stance on third party auth, but SPF obviously has the include: statement which is third party auth at the most basic level...atps[1] is the obvious equivalent for DKIM. I don't know if atps failed because it wasn't all that useful, or if it was tied in folks minds to adps, or the failure of the follow-on reputation system stuff.. Neither atps or spf include are really designed for large scale usage across thousands of "relays" etc, and I don't think they should be used for that, but for a bunch of small to medium entities, it could be the thing that makes higher p= possible. ATPS was designed as a proof of concept to see if third party policy was conceptually useful at all. Scale could come later if the initial experiment had a positive result. The industry, however, apparently didn't even have appetite to try, so we may never know. -MSK
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
