On 4/14/2015 3:03 PM, Terry Zink wrote:
> Hi, Doug,
>
> > TPA-Label operates within its own sub-domain.  This
> > sub-domain can be delegated or use DNAME.
> > How is the scaling issue really worse than the changes
> > currently required for SPF?  In fact, SPF often entails more
> > DNS transactions per use
>
> When I talk about scale [1], it's not just a matter of doing DNS lookups. That's important, but it's not what I worry about because we can solve it by adding more hardware [2]. Instead, by "scale" I mean "management", that is, having humans manage the process, or needing humans to do something.

But that's the same problem for everything. How will MS work it out for your hotmail.com SPF operations? For SPF, hotmail.com has a relaxed SPF policy with a long list of DNS lookups. Lots of processing waste here. For DMARC, thousands, perhaps millions, high volume of mail are getting NXDOMAIN on the expectation there is a DMARC record.

Are we at a point where all DNS TXT-based solutions will need to be converted to in-band mail only solutions and we eliminate DNS from the picture?

  if ADID == SDID
     DO DNS_DMARC
  else
     DNS PROBLEM TOO HARD.

Is that what we are going to tell the DNS folks on last call? The better solution was punted because interfacing with DNS people is a tough problem.

That is what is astonishing me the most here. Billion dollar corporations saying this problem is too hard for them to address. Wow. I'm sorry, but it seems odd that we were going for a far more complex workaround that has security holes just because we can't get the DNS folks involved as part of the solution package when DNS is required in the first place. This all seems very strange to me to read this.

I don't mind an In-band solution as an OPTIONAL alternative to the more optimized, more secured, more technically feasible, time tested simple DNS lookup solution. The IETF, this WG, the chairs owe it to the interested industry participants to offer and provide a solid solution, even if it involves getting DNS administration involved.

--
HLS


_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc