ietf-822
[Top] [All Lists]

Re: [ietf-822] one can re-sign without a permission to re-sign header

2014-05-05 15:46:08
If we're discarding may-forward, then it seems to me we might be better off
talking about a whitelist publish/query mechanism that deserves
standardization here.  Does VBR or a slight modification to it suffice, or
do we want something else?

Anything that whitelists by domain name is going to end up similar to VBR, so if that's what we want to do, we might as well use VBR. I am assuming that this would not be a straight to the inbox whitelist, just one to skip DMARC policy processing.

VBR can use a DKIM signature or validated SPF bounce address as a lookup handle (or Domain Keys or Sender ID, but I hope we agree they're dead.)

Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.

_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822