Hi, Doug, > TPA-Label operates within its own sub-domain. This > sub-domain can be delegated or use DNAME. > How is the scaling issue really worse than the changes > currently required for SPF? In fact, SPF often entails more > DNS transactions per use
When I talk about scale [1], it's not just a matter of doing DNS lookups. That's important, but it's not what I worry about because we can solve it by adding more hardware [2]. Instead, by "scale" I mean "management", that is, having humans manage the process, or needing humans to do something. Getting someone to add anything to DNS doesn't work well [3] unless it is automated because the majority of people that I work with in the customer space don't feel comfortable managing DNS; it is rare that I encounter someone who does and these are people who are in charge of email infrastructure. This is the exact opposite of most people on this discussion list, many of which manage their own zones. For many large organizations, there is a slow change-review process. For medium and small businesses, they just want it to work and therefore don't change much in their DNS unless they are experts, of which there aren't that many in real life. So to say "Oh, just set up a new DNS record and it will all work" is a major obstacle to overcome and is close to a non-starter. I like the idea of the DKIM/FS from John Levine because at least that can be done at the MTA level without any help from domain owners because it's the job of the MTA implementer to figure it out; it's a much smaller set of people who need to understand and can it make it work without domain owner awareness. -- Terry [1] I can't speak for everyone within Microsoft, or anyone within Google or Yahoo but I would imagine they have the same issues because they're both large companies. [2] That's my solution for everything. It's a simplified explanation, but a good technical design and adding adequate hardware solves most of those problems... usually. [3] By "work well" I mean have the majority of people doing it, not that it works technically. _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
