Dave raises some interesting points. For my part, I am troubled by issues that are created by the DMARC specification itself. The fallback rule says we jump directly from the domain name to the organization name, which creates the need for a special list to know how to find the organization. As I think you have discussed, there is no fully acceptable mechanism for publishing the list and keeping implementations of the list current.
If the fallback rule simply told implementations to walk up the domain tree until a policy was found, the need for a special list would go away.
The other need for organization knowledge is the domain alignment rule, which allows for sibling relationships between the signing domain and the From domain. From a technical standpoint, this is unfortunate because it complicates implementations with the need to determine the organization.
From the viewpoint of a receiving system, it is not obvious to me why I should assume that division1.divisionA.example.com should be accepted as having administrative authority to send messages on behalf of divisionB.example.com. This is an administrative control issue for the sending organization, and the whole point of DMARC was to help sending organizations improve their administrative control over email. However, it is a trust issue for the receiving organization, and I have no desire to assume every DMARC-participating organization has perfect administrative control.
But I suppose the DMARC train has left the station, even if the deployment process has been slow.
Doug Foster
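Added example, not part of the original message or of any DMARC implementation: a sketch contrasting the two policy discovery rules discussed above, plus the relaxed alignment check that accepts sibling subdomains. The suffix set, the DNS dictionary, the records in it and all function names are constructed for illustration; the choice to stop the walk before a bare TLD is an assumption.

```python
# Constructed data: a toy suffix set and a dict standing in for DNS TXT lookups.
SUFFIXES = {"com", "co.uk"}  # NOT the real list of public suffixes
DNS = {
    "_dmarc.example.com": "v=DMARC1; p=none",
    "_dmarc.divisiona.example.com": "v=DMARC1; p=reject",
}

def lookup(name, dns=DNS):
    """Return the DMARC record published at _dmarc.<name>, or None."""
    return dns.get("_dmarc." + name.lower())

def org_domain(domain, suffixes=SUFFIXES):
    """Longest matching suffix plus one label; this is what needs the special list."""
    labels = domain.lower().split(".")
    for i in range(len(labels)):          # i == 0 tests the longest candidate first
        if ".".join(labels[i:]) in suffixes:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None

def discover_fallback(domain):
    """Exact domain first, then jump straight to the organizational domain."""
    for candidate in (domain.lower(), org_domain(domain)):
        if candidate and lookup(candidate):
            return candidate, lookup(candidate)
    return None, None

def discover_tree_walk(domain):
    """Exact domain first, then each parent in turn; no suffix list consulted."""
    labels = domain.lower().split(".")
    while len(labels) >= 2:               # assumption: never query a bare TLD
        candidate = ".".join(labels)
        if lookup(candidate):
            return candidate, lookup(candidate)
        labels = labels[1:]
    return None, None

def relaxed_aligned(signing_domain, from_domain):
    """Relaxed alignment: same organizational domain, so siblings pass."""
    org = org_domain(signing_domain)
    return org is not None and org == org_domain(from_domain)

if __name__ == "__main__":
    sender = "division1.divisionA.example.com"
    print("fallback :", discover_fallback(sender))
    print("tree walk:", discover_tree_walk(sender))
    print("siblings aligned:", relaxed_aligned(sender, "divisionB.example.com"))
```

With this constructed data, the fallback rule skips the intermediate policy at divisionA.example.com and applies the organization-wide one, while the tree walk stops at the nearest published policy.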
