It appears that Murray S. Kucherawy <[email protected]> said: >So it comes down to which we're willing to tolerate and/or to foist upon >the Internet: a split-brain that makes results non-deterministic, or a >relatively homogeneous space with an arguably unsafe historic default. >Whichever we pick, we should be prepared to explain why.
Seems to me the answer is self-evident. I have no idea to what extent sibling authentication is OK because the two names are indeed part of the same organization, and to what extent it isn't because they aren't. I would be surprised if anyone had data to share since only very large mail systems would collect enough to be useful, and they tend to be shy about sharing. So since we're just guessing, let's pick the guess that minimizes the changes. One of the reasons we added the new psd flag is to make it easy for domains to disable sibling authentication. If you know it's a problem, it's the work of a moment to add psd=y to a name above the evil siblings. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
