On Saturday, April 8, 2023 9:49:24 AM EDT John Levine wrote: > It appears that Seth Blank <s...@valimail.com> said: > >So how do we handle this? What’s the worst case? Looking at the above > >example, the longest “complex org” would be 5 labels long. I think we’ve > >already agreed, backed by data from the PSL, that the longest PSD would be > >4 labels long. ... > > > >To be clear, due to the current policy discovery mechanics (check author > >domain then jump to organizational domain), I'm not aware of any of these > >complex orgs setting dmarc policies on Author Domains at such a depth. i.e. > >N=5 today would not break anything currently in place. However, the tree > >walk now enables these complex orgs to set policy much deeper in their > >hierarchy, which would then potentially not work as expected and possibly > >send reports to the wrong destination due to the current N=5. > > I wouldn't object to 7 but I would like to see a stronger justification than > "nobody needs it now but someone might want it later."
I've been considering my reply to Seth's original email (and was about to write it when this came in). Ultimately, I think Seth's concern isn't a DMARC problem since it's really an internal organizational routing problem. As I understand the issue, Seth's concern isn't that reports aren't sent, but that they will not go to the right part of a super complex organization. I don't think that's a problem we should try to solve. I think we can prove up to 5 is needed, so going a little further as a mitigation for future uncertainty is OK, but I agree we should have more than hand waving to get beyond that. I'm not certain we need to change it, but 6 or 7 is something I could live with. Scott K _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc