On Sat 30/Oct/2021 22:56:00 +0200 Scott Kitterman wrote:
On October 30, 2021 8:47:51 PM UTC, John Levine <[email protected]> wrote:
According to Scott Kitterman  <[email protected]>:
That usage has proven to work quite well. And some respect for the installed base wouldn't hurt.

The alternative I suggested is 100% compatible with the installed base.
If a domain has published DMARC policy per RFC 7489, the proposed new
approach will still find it.

Yes, but would PSL-based DMARC filters have to be re-written, re-tested, re-installed?


I agree that something which would require existing DMARC records to be
changed would be a non-starter.

That's pct=, but I'm digressing...


I'm not sure how much more respectful we can manage to be.

I'd say it's 99.4% compatible with the existing usage. If you have

_dmarc.x.foo.com
_dmarc.foo.com

and you have a message from [email protected], the current scheme will
skip up to _dmarc.foo.com while a tree walk will find _dmarc.x.foo.com.

I doubt that will make any difference in practice.


Agreed.


If there really are any situations like that, who knows what they think it
does now.

Since they all belong to the same organization, their policies should be
concerted.


Yes. Under this new approach it's possible to publish records that would be
found that would be skipped by old implementations, but the other way around
it's fine. It should find 100% of the currently published records.


Another criterion, besides tree-walk and PSL, could be to look at the d= tag of the DKIM signatures that are aligned with the From: domain. Would that be semantically equivalent to the procedure described in the current Section 6.7.2?


I think it would be appropriate to have some kind of note warning not to assume
intermediate domains are queried for policy due to legacy code


Agreed. Intermediate domains, the ones between the From: domain and its Organizational Domain, would be considered like some kind of proxy, or even a more specific alternative to the Organizational Domain or the possible PSD. Still, checking each and every intermediate domain may remain optional.

The concept of Organizational Domain is still useful for receivers, as it helps set up reputation databases. In this respect, the PSL is also useful outside the DMARC protocol; for example, to get the organizational domain of HELO arguments.


Best
Ale
--
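Added example (mine, not code from the thread or from any DMARC implementation): RFC 7489 policy discovery (exact From: domain, then the PSL-derived Organizational Domain) beside a simplified tree walk, both run against a constructed DNS table holding just the two records John describes, plus a check of the compatibility claim that every record found the old way is also found by the walk. The domain names, the two-entry PSL and the walk's stopping rule are assumptions made for the example.

```python
# Constructed TXT records keyed by query name (not real DNS data).
DNS_TXT = {
    "_dmarc.x.foo.com": "v=DMARC1; p=reject",
    "_dmarc.foo.com": "v=DMARC1; p=none",
}
# Constructed public-suffix list: only the suffixes this example needs.
PUBLIC_SUFFIXES = {"com", "co.uk"}


def organizational_domain(domain):
    """Longest matching public suffix plus one label (RFC 7489 Section 3.2)."""
    labels = domain.lower().split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return domain.lower()


def lookup(name, dns=DNS_TXT):
    """Return the DMARC record published at _dmarc.<name>, if any."""
    rec = dns.get("_dmarc." + name)
    return rec if rec and rec.startswith("v=DMARC1") else None


def discover_rfc7489(from_domain, dns=DNS_TXT):
    """RFC 7489 Section 6.6.3: exact From domain, then its Organizational Domain."""
    from_domain = from_domain.lower()
    rec = lookup(from_domain, dns)
    if rec:
        return from_domain, rec
    org = organizational_domain(from_domain)
    rec = lookup(org, dns) if org != from_domain else None
    return (org, rec) if rec else None


def discover_tree_walk(from_domain, dns=DNS_TXT):
    """Simplified tree walk (an assumption, not the DMARCbis text): query the
    From domain and then each ancestor, stopping before the top-level label."""
    labels = from_domain.lower().split(".")
    for i in range(len(labels) - 1):
        name = ".".join(labels[i:])
        rec = lookup(name, dns)
        if rec:
            return name, rec
    return None


def legacy_hits_still_found(from_domains, dns=DNS_TXT):
    """Check of the compatibility claim in the thread: wherever RFC 7489
    discovery finds a record, the tree walk finds one too (maybe a more specific one)."""
    return all(discover_tree_walk(d, dns) is not None
               for d in from_domains if discover_rfc7489(d, dns) is not None)
```

For mail from y.x.foo.com the two procedures land on different records (foo.com versus x.foo.com), which is exactly the 0.6% case in the thread; for mail from mail.foo.com they agree.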
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc