Thanks for the question, Seth. What would be the best way to incorporate this requirement? The simplest possible way to address this use case is just to make sure those existing but currently non-compliant domains just have a bare p=none record. Then they'll never fall back to the gov.uk<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgov.uk&data=02%7C01%7CRichard.C%40ncsc.gov.uk%7C5e404b44633f4f62576c08d6e558b353%7C14aa5744ece1474ea2d734f46dda64a1%7C0%7C0%7C636948566460672014&sdata=ihf4soMa8kR%2BcGFwjiIwgy9iHDnrnKLkawsj0Zm9Mi4%3D&reserved=0> record. There's no risk to inadvertently breaking mail here.
Is it remotely realistic for you to offer this guidance? If you're already saying that p=reject is required, how painful is it to advertise that any domain without a DMARC record will get p=reject by default unless it explicitly puts p=none in? I wish that publishing guidance resulted in swift adoption of it but unfortunately it’s not so simple. We already have guidance published requesting that organisations configure DMARC on their gov.uk domain (starting at ‘none’ and progressing to ‘reject’ as they gain confidence). The problem is we have ~3500 domains in use, many by smaller organisations with limited technical ability. Whilst we’ll continue to work towards helping them all deploy DMARC, realistically there will be a long tail to adoption, hence our interest in support for different policies for the existent and non-existent subdomains in DMARC PSD. Presumably other PSDs that aren’t brand new will have this problem too? I’m interested to hear whether we’re on our own or not. Richard This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to [email protected]
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
