> On Mar 15, 2024, at 9:40 AM, Alessandro Vesely <ves...@tana.it> wrote: > > On Fri 15/Mar/2024 02:34:15 +0100 Murray S. Kucherawy wrote: >>> On Fri, Mar 15, 2024 at 9:11 AM John Levine <jo...@taugh.com> wrote: >>> It appears that Todd Herr <todd.h...@valimail.com> said: >>> >I agree that clarifying it can't hurt, obviously, ... >>> >>> I disagree, it does hurt. >>> >>> If we say you're allowed to use CNAMEs to point to DMARC records, >>> people are to say uh oh, is there something special here? What about >>> DKIM records? what about SPF records? how about SPF includes? or SPF >>> redirects? >>> >>> Really, there is nothing to say here, so let's not say it. >>> >> +1, I don't understand what needs to be clarified here. If I ask for a TXT >> record at a given name, I expect to get one back (or a non-success code). >> It really doesn't matter to DMARC whether that process traversed a CNAME >> record in the process. (Or if it does matter, I've yet to see a reason >> why.) > > > +1, people who know DNS can derive the possibility to use CNAME on their own. > Those who don't are better off not trying it.
It’s mostly ESP’s with large customer bases that ask for CNAMES, providing them with scalability, and the ability to rotate keys. It’s the appropriate choice in some contexts. Why is this a concern of the WG? Neil _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
