What about putting the MARID data in-line in SMTP via an extension?
The obvious problem is that there's no way to tell if the in-line data
is real without making another transaction back to the sender's domain
to check. If we have to use a separate TCP session to fetch a
possible cachable chunk of XML, the right way to do that is with http
and just fetch the policy document. It's defined, it's standard, it's
debugged, it's available, and it works.
You need a web server to do that, but I would think it'd be a lot
easier to set up a little web server than to deploy a yet to be
invented overloaded extension to SMTP.
Alternatively, the sender could put some kind of signed thing into the
message that the recipient could check against a static set of signer
keys, but we have that, too. It's S/MIME.
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"A book is a sneeze." - E.B. White, on the writing of Charlotte's Web