On Friday, July 19, 2019 11:30:01 AM EDT Kurt Andersen (b) wrote: .... > > > I'm also concerned > > > that a wildcard null MX record at the org level would end up having all > > > subdomains "exist", but the policy that should be applied would be the > > > > more > > > > > restrictive "np" policy, not the (possibly) more permissive "sp" policy. > > > > I think this is one of those "you must be this tall to ride on this ride" > > situations. DNS comes equipped with multiple footguns and you have to > > know a > > bit about what you're doing to make sure you get the effects you're after. > > Perhaps a reminder in the text related to "np" that wildcards may cause > undesired results and leave it as an exercise for the implementor to learn > from that warning.
It seems like either too much or not enough. This at least slightly concerns me because I don't want to warn about the implication of one DNS feature without being comprehensive. DMARC deployment in any non-trivial organization is an inter-disciplinary task, even more so PSD DMARC. I don't think we want to take on being a deployment guide, so I'd leave it out. Let's see what others think. Scott K _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
