Do you envision each operator maintaining its own whitelist, or one or more
public registries of them, or something else?
On the assumption that we have reasonably good agreement about what would
qualify for DMARC whitelisting, I'd think you'd want a small set (maybe
only one) of public whitelists.
If each receiver has to do its own whitelist, that means that nobody bug a
big gorilla who can afford to create a whitelist can apply DMARC policies.
R's,
John
smime.p7s
Description: S/MIME Cryptographic Signature