On 4/14/2015 2:09 PM, Douglas Otis wrote:

On 4/14/15 10:12 AM, Terry Zink wrote:
That's what we mean when we say it doesn't scale.

Dear Terry,

TPA-Label operates within its own sub-domain.  This
sub-domain can be delegated or use DNAME.  This means this
information can be handled by an organization dedicated to
detecting and preventing third-party abuse.  In essence, a
role likely to entail sending notices to domains and
ensuring problems are corrected or having their third-party
provisions retracted.  A function that Yahoo and AOL dumped
on everyone else by (ab)using DMARC.

How is the scaling issue really worse than the changes
currently required for SPF?  In fact, SPF often entails more
DNS transactions per use.

It sure does have a much higher overhead. Just take a look at hotmail.com:

       "v=spf1
   1    include:spf-a.outlook.com
   2    include:spf-b.outlook.com
        ip4:157.55.9.128/25
   3    include:spf.protection.outlook.com
   4    include:spf-a.hotmail.com
   5    include:_spf-ssg-b.microsoft.com
   6    include:_spf-ssg-c.microsoft.com
       ~all"

Six DNS calls at the top level and its final result is a relaxed ~all result. That is a super high scale/volume waste of processing. But here again is a large company not getting its list of senders completed. Doesn't stop SPF.

And with DMARC, hotmail.com has no record, so all receivers will be doing high volume wasting calls.

We should not expect anything different for a domain finding its network of signers. If it doesn't know its list of signers, then it just registers what it can and creates a relaxed DMARC policy.


--
HLS


_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
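
The lookup counting discussed in this thread, as an added example that is not part of the original messages: it counts the SPF terms that each cost a DNS query (include, a, mx, ptr, exists, redirect; RFC 7208 section 4.6.4 limits these to 10 per evaluation) for the hotmail.com record quoted above and for a nested case. The function names and the example.test records are assumptions constructed for illustration.

```python
# Added example: count the DNS-querying terms of an SPF record (RFC 7208, 4.6.4).
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
LOOKUP_LIMIT = 10  # RFC 7208: exceeding 10 such terms yields permerror

# The hotmail.com record as quoted in the message above.
HOTMAIL_SPF = ("v=spf1 include:spf-a.outlook.com include:spf-b.outlook.com "
               "ip4:157.55.9.128/25 include:spf.protection.outlook.com "
               "include:spf-a.hotmail.com include:_spf-ssg-b.microsoft.com "
               "include:_spf-ssg-c.microsoft.com ~all")

# Constructed zone data for the nested case (not real published records).
CONSTRUCTED_ZONE = {
    "example.test": "v=spf1 include:_a.example.test include:_b.example.test mx -all",
    "_a.example.test": "v=spf1 ip4:192.0.2.0/24 include:_c.example.test -all",
    "_b.example.test": "v=spf1 a:mail.example.test exists:%{i}.bl.example.test -all",
    "_c.example.test": "v=spf1 ip6:2001:db8::/32 ptr -all",
}

def parse_term(term):
    """Split one SPF term into (name, argument), dropping any qualifier."""
    term = term.lstrip("+-~?")
    if "=" in term.split(":", 1)[0]:  # modifier such as redirect=domain
        name, _, arg = term.partition("=")
    else:
        name, _, arg = term.partition(":")
    name = name.split("/", 1)[0]  # "a/24" or "mx/24" carry a CIDR suffix
    return name.lower(), arg

def lookup_terms(record):
    """Return the terms of one record that each cost a DNS query."""
    terms = [parse_term(t) for t in record.split()[1:]]  # skip "v=spf1"
    return [(n, a) for n, a in terms if n in LOOKUP_MECHANISMS or n == "redirect"]

def total_lookups(domain, zone, seen=None):
    """Count queries for a full evaluation, following include/redirect."""
    seen = set() if seen is None else seen  # guards against include loops
    if domain in seen or domain not in zone:
        return 0  # records outside the supplied zone are not expanded
    seen.add(domain)
    count = 0
    for name, arg in lookup_terms(zone[domain]):
        count += 1
        if name in ("include", "redirect"):
            count += total_lookups(arg, zone, seen)
    return count
```

The top-level count for the quoted record matches the six includes numbered in the message; the nested records behind those includes are not on the page, so their contribution to the limit of 10 is not computed here.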
