> On Mon, Jun 15, 2026 at 12:35PM Randolf Richardson, Postmaster via mailop <
> [email protected]> wrote:
> 
> > We began switching to DMARCbis, and set "psd=n" and removed "pct="
> > (etc.), on over 500 domain names on the first day it was released.
> >
> > So far we haven't noticed any problems, aside from various online
> > reporting services caliming that our DMARC policies are invalid, but
> > we know this is because they don't process for DMARCbis yet..
> 
> I'd be curious to hear more about these claims that your DMARC policies are
> invalid.

        The psd= policy was incorrectly claimed to be invalid by a number of 
online "DMARC checking" services, but in performing some checks again 
today I see that this is no longer the case with most of them, which 
I assume is the result of them updating their systems (since my 
previous tests) to support DMARCbis.

> Both RFC 7489 and RFC 9989 clearly state that "unknown tags MUST be
> ignored", so any DMARC policy record that starts with "v=DMARC1" and has
> correctly formatted key-value pairs should not be flagged as invalid.

        That's right, and it's a good policy for supporting future expansion 
and progress, such as in the case of the recently-added DMARCbis.

> Can you share examples of a DMARC policy record that was claimed invalid
> and the online reporting service that made the claim?

        This service still fails on the "psd" and "np" tags, but instead of 
reporting an invalid configuration it now incorrectly reports that 
the "psd" and "np" tags are "part of the upcoming DMARCbis standard 
and is not yet officially supported":

                PowerDMARC
                https://www.powerdmarc.com/dmarc-record-checker/

        This next one now fails because it discriminates against Canada (the 
country I'm in) due to assuming our policies are the same as those in 
Russia and the USA, but this is nowhere close to reality -- our 
system of law and justice is very different from Russia and the USA, 
for we have excellent consumer protections and privacy legislation, 
human rights protections, and we don't do the bidding of those two 
countries (for example, many years ago our Privacy Commission forced 
Facebook - after they initially refused to be accomodating - to add 
an option for users to delete all the data they contributed to the 
social network, and Facebook finally capitulated after learning that 
they couldn't push us around by ignoring our federal laws):

                DMARC Manager
                https://www.dmarcmanager.app/geo-statement/

        There were a few other DMARC checking services that also failed on 
technical merits, but I don't recall which ones.  I'm in the process 
of creating a DMARC checking tool that I can refer the 50+ customers 
to who enquired about this so that we won't have to repeatedly 
explain how those free tools are wrong about the current standards 
should this ever occur again in the future.

-- 
Postmaster - [email protected]
Randolf Richardson, CNA - [email protected]
Inter-Corporate Computer & Network Services, Inc.
Vancouver, Beautiful British Columbia, Canada
https://www.inter-corporate.com/


_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop

Reply via email to