On 22/5/21 7:41 am, Brandon Long via dmarc-discuss wrote:
I think the limits in the RFC are overly restrictive... as a receiver,
I don't see any issue with having a
much higher limit, you waste fairly minimal resources in that
regard... there may be an issue in the large
as a DoS type attack, but as a larger provider you might benefit more
from weighted throttling of requests
or more general DoS-style protections.
At least at one point we definitely saw enough senders requiring too
many lookups that we cared more about
trying to find a positive evaluation than downside from doing more.
I'd suggest that a resolution to this might be to expand the finite
limit (I've also had trouble with the 10 lookup limit, even for a small
organisation), rather than to burden every implementation with reliance
upon prioritisation capability and other DoS mitigation techniques
merely to make DMARC safe to operate.
The interests of very large receivers are particularly important of
course, but it would appear desirable to maintain the ability for
receivers at any size to implement.
- Roland
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)