If we need some real world examples of this, got a few here:
_dmarc.oit.alabama.gov
_dmarc.tjx.com
_dmarc.walmart.com
_dmarc.novanta.com
- Mark Alley
On 3/14/2024 3:18 PM, Todd Herr wrote:
Colleagues,
There was a discussion among M3AAWG members on March 13 that centered
on the question of whether DMARC records can be published in DNS as
CNAMEs, e.g.,
_dmarc.example.com IN CNAME _dmarc.example.org
_dmarc.example.org IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc-repo...@example.org;"
Section 3.6.2 of RFC 1034 seems to indicate that it is permissible to
publish DMARC records in this fashion, and describes the following
scenario using a CNAME record and an A record:
For example, suppose a name server was processing a query with for
USC-ISIC.ARPA, asking for type A information, and had the following
resource records:
    USC-ISIC.ARPA IN CNAME C.ISI.EDU
    C.ISI.EDU IN A 10.0.0.52
Both of these RRs would be returned in the response to the type A
query, while a type CNAME or * query should return just the CNAME.
I recommend adding a paragraph to DMARCbis, section 5.1 DMARC Policy
Record at the end of that section that reads:
Per RFC 1034 section 3.6.2, a DMARC record MAY be published as a
CNAME record, so long as the corresponding canonical name
ultimately resolves to a TXT record so as to ensure that queries
of type TXT return a DNS RR in the expected format.
Issue 136 has been opened for this.
--
Todd Herr | Technical Director, Standards & Ecosystem
Email: todd.h...@valimail.com
Phone: 703-220-4153
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
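Added example, not part of either message above: a sketch of how a receiver could evaluate a _dmarc name published as a CNAME, following the chain to the canonical name and accepting it only if exactly one TXT record beginning with v=DMARC1 is found there. The zone data, the lookup_dmarc function, the status strings and the hop limit are all constructed for illustration.

```python
import re

# Constructed zone data for illustration (not real DNS answers).
ZONE = {
    "_dmarc.example.com": {"CNAME": ["_dmarc.example.org"]},
    "_dmarc.example.org": {"TXT": ["v=DMARC1; p=reject;"]},
    "_dmarc.loop-a.example": {"CNAME": ["_dmarc.loop-b.example"]},
    "_dmarc.loop-b.example": {"CNAME": ["_dmarc.loop-a.example"]},
    "_dmarc.dangling.example": {"CNAME": ["host.example.net"]},
    "host.example.net": {"A": ["192.0.2.10"]},
}
MAX_CNAME_HOPS = 8  # assumed local limit, not taken from any RFC
DMARC_VERSION = re.compile(r"v\s*=\s*DMARC1\s*(;|$)")


def lookup_dmarc(domain, zone=ZONE):
    """Follow CNAMEs from _dmarc.<domain>; return (status, chain, record)."""
    name = "_dmarc." + domain.lower().rstrip(".")
    chain = [name]
    for _ in range(MAX_CNAME_HOPS + 1):
        rrsets = zone.get(name, {})
        if "CNAME" in rrsets:
            target = rrsets["CNAME"][0].lower().rstrip(".")
            if target in chain:
                return ("cname_loop", chain + [target], None)
            chain.append(target)
            name = target
            continue
        # Canonical name reached: only TXT records starting with v=DMARC1 count.
        records = [t for t in rrsets.get("TXT", []) if DMARC_VERSION.match(t)]
        if len(records) == 1:
            return ("ok", chain, records[0])
        status = "multiple_records" if records else "no_dmarc_txt"
        return (status, chain, None)
    return ("too_many_hops", chain, None)


if __name__ == "__main__":
    for d in ("example.com", "example.org", "loop-a.example", "dangling.example"):
        print(d, lookup_dmarc(d))
```

The dangling case is the one the proposed DMARCbis wording guards against: the CNAME resolves, but no TXT record exists at the canonical name, so no policy is found.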