On Wednesday, March 30, 2022 1:06:25 PM EDT John Levine wrote: > It appears that Tim Wicinski <[email protected]> said: > >> What should the evaluator do if one of these results in a CNAME that > >> > >> either: > >> a) points outside of the tree > > > >I would say "Follow the CNAME" - consider LargeCo which points many DMARC > >records > >of domains in their portfolio to a record in their main domain. Or > >outsourced DMARC to third party. > > > > b) results in a loop pointing at a previously evaluated record > > > >CNAME loops are usually detected in resolvers, but loops should return no > >record found > > Agreed. There is no need to treat CNAMEs here any differently than they > are treated anywhere else. > > Like Tim, I can easily see practical uses for a CNAME pointing at a > shared DMARC record.
I agree. Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
