On October 30, 2021 8:47:51 PM UTC, John Levine <[email protected]> wrote:
>According to Scott Kitterman <[email protected]>:
>>>That usage has proven to work quite well. And some respect for the installed
>>>base wouldn't hurt.
>>
>>The alternative I suggested is 100% compatible with the installed base. If a
>>domain has published DMARC policy per RFC 7489, the proposed new approach will
>>still find it. I agree that something which would require existing DMARC
>>records to be changed would be a non-starter.
>>
>>I'm not sure how much more respectful we can manage to be.
>
>I'd say it's 99.4% compatible with the existing usage. If you have
>
>_dmarc.x.foo.com
>_dmarc.foo.com
>
>and you have a message from [email protected], the current scheme will
>skip up to _dmarc.foo.com while a tree walk will find _dmarc.x.foo.com.
>
>I doubt that will make any difference in practice. If there really are any
>situations like that, who knows what they think it does now.

Yes. Under this new approach it's possible to publish records that would be
found that would be skipped by old implementations, but the other way around
it's fine. It should find 100% of the currently published records.

I think it would be appropriate to have some kind of note warning not to assume
intermediate domains are queried for policy due to legacy code.

Scott K
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
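
The lookup difference discussed in this thread, as an added example that is not part of the original messages: it runs an RFC 7489 style lookup and a simplified tree walk over a constructed zone holding only the two records quoted above. The From domain `mail.x.foo.com`, the one-entry suffix set and all function names are assumptions, and the tree walk is a sketch of the idea, not the working group's specified algorithm.

```python
# Constructed zone data: only these two DMARC records exist (as in the thread).
ZONE = {
    "_dmarc.x.foo.com": "v=DMARC1; p=reject",
    "_dmarc.foo.com": "v=DMARC1; p=none",
}
# Assumption: a one-entry stand-in for the public suffix list.
PUBLIC_SUFFIXES = {"com"}


def txt_lookup(name):
    """Stand-in for a DNS TXT query against the constructed zone."""
    return ZONE.get(name)


def org_domain(domain):
    """Organizational domain: the longest public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return domain


def discover_rfc7489(from_domain):
    """RFC 7489 style: query the From domain, then only the org domain."""
    d = from_domain.lower().rstrip(".")
    queried = []
    for candidate in dict.fromkeys([d, org_domain(d)]):
        name = "_dmarc." + candidate
        queried.append(name)
        if txt_lookup(name):
            return name, queried
    return None, queried


def discover_tree_walk(from_domain):
    """Simplified tree walk: query every level from the From domain upward."""
    labels = from_domain.lower().rstrip(".").split(".")
    queried = []
    # Stop before the bare top-level label (a simplification made here).
    for i in range(max(len(labels) - 1, 1)):
        name = "_dmarc." + ".".join(labels[i:])
        queried.append(name)
        if txt_lookup(name):
            return name, queried
    return None, queried


if __name__ == "__main__":
    for dom in ("mail.x.foo.com", "x.foo.com", "foo.com"):
        print(dom, discover_rfc7489(dom)[0], discover_tree_walk(dom)[0])
```

Only the domain below `x.foo.com` gets a different record from the two methods; every name where the RFC 7489 lookup finds a record also yields one under the walk.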