On Wed 27/Nov/2024 02:41:03 +0100 Martin Thomson via Datatracker wrote:
> [...] S3 defines a validation process that involves querying DNS at "<provider name>._report._dmarc.<target name>". This will fail when this string is too long, which is pretty easy to manage for an attacker. That's an unrecoverable error, but the procedure says nothing about that error. Does that make certain reporting architectures impossible for some providers?

The only change is adding a consideration that domains whose name length is near to the maximum domain name length limit cannot use external services, however short the name of the external provider. They must create an ad-hoc mailbox that forwards to the external service.
Correct?

Best
Ale
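
The length limit discussed in this message can be checked mechanically. The following is an added example, not part of the original thread or of the draft: it builds the verification query name in the order quoted above and tests it against the RFC 1035 limits of 255 octets per name and 63 octets per label. The function names and sample domains are constructed, and names are assumed to be ASCII (A-label) already.

```python
# Added illustration; function names and sample domains are constructed.
MAX_NAME_OCTETS = 255    # RFC 1035 limit on a name in wire format
MAX_LABEL_OCTETS = 63    # RFC 1035 limit on a single label
INFIX = ["_report", "_dmarc"]


def split_labels(name):
    """Split a presentation-format name (assumed already A-label ASCII)."""
    return name.rstrip(".").split(".")


def wire_octets(labels):
    """One length octet per label, the label bytes, plus the root octet."""
    return sum(1 + len(label) for label in labels) + 1


def verification_query(provider, target):
    """Build the query name in the order quoted above; return (name, octets, error)."""
    labels = split_labels(provider) + INFIX + split_labels(target)
    octets = wire_octets(labels)
    error = None
    if any(len(label) == 0 for label in labels):
        error = "empty label"
    elif any(len(label) > MAX_LABEL_OCTETS for label in labels):
        error = "label exceeds 63 octets"
    elif octets > MAX_NAME_OCTETS:
        error = "name exceeds 255 octets"
    return ".".join(labels), octets, error


def provider_headroom(target):
    """Longest provider name (in characters) that still fits; below 1 means none."""
    fixed = wire_octets(INFIX + split_labels(target))
    return MAX_NAME_OCTETS - fixed - 1  # 1 = length octet of the provider's first label


if __name__ == "__main__":
    long_target = ".".join(["a" * 63] * 3 + ["b" * 40, "example"])  # 240 chars, valid alone
    for provider, target in [("reports.example.net", "example.com"),
                             ("r.example", long_target)]:
        name, octets, error = verification_query(provider, target)
        print(f"{octets:3d} octets, headroom {provider_headroom(target):4d}: "
              f"{error or 'ok'}")
```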
