No, you're quite right, but while a minimal MARID may still be in
scope, "no MARID" probably isn't :-)
The DNS-based mechanism must use a domain. MARID has to specify an
algorithm to pick the domain. No escaping that minimum, so "no MARID"
isn't an option.
Yes. Alternatively, if a scheme says make some RPC directly to the hostname
_not_marid_.${mail_from_domain} passing peer_ip in some way to be decided
(for instance) ...
In that case, there's no authentication record in the DNS so it's not a
MARID scheme. (Hence out of scope).
Incidentally, I'd consider such a scheme to be pretty "obvious" :-)
although I believe such things were discussed previously on asrg and
elsewhere - and using the DNS to discover the service rather than rely on a
well known name (or naming convention), as in the naive scheme above, is
pretty well established also.