If we're discarding may-forward, then it seems to me we might be better off
talking about a whitelist publish/query mechanism that deserves
standardization here. Does VBR or a slight modification to it suffice, or
do we want something else?
Anything that whitelists by domain name is going to end up similar to VBR,
so if that's what we want to do, we might as well use VBR. I am assuming
that this would not be a straight to the inbox whitelist, just one to skip
DMARC policy processing.
VBR can use a DKIM signature or validated SPF bounce address as a lookup
handle (or Domain Keys or Sender ID, but I hope we agree they're dead.)
Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
_______________________________________________
ietf-822 mailing list
ietf-822(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-822