On Tue, Dec 19, 2017 at 11:34:25 -0500, jo...@taugh.com wrote: > > Dunno if this ever came up before. What, if anything, does this mean? > > _dmarc.example.com IN TXT "v=DMARC1; p=none" > _dmarc.example.com IN TXT "v=DMARC1; p=reject" > > Looking through RFC 7489 I don't see anywhere that it says that more > than one record is forbidden.
Section 6.6.3, Policy Discovery. "If the remaining set contains multiple records or no records, policy discovery terminates and DMARC processing is not applied to this message." > For that matter, what if anything does this mean? > > _dmarc.example.com IN TXT "v=DMARC1; p=none; p=reject" > In 7489 it says "DMARC records follow the extensible "tag-value" > syntax for DNS-based key records defined in DKIM [DKIM]." I hope that > means they follow the DKIM rule that duplicate tags make the whole > record invalid, but that could be clearer. The definition of tag-value syntax in [DKIM] section 3.2 says "Tags with duplicate names MUST NOT occur within a single tag-list; if a tag name does occur more than once, the entire tag-list is invalid." This language could be repeated in the DMARC specification, but I don't see any real reason to do so. There's also a formal ABNF definition in 7489 section 6.4 which shows that duplicate tags aren't allowed. -- Zeke Hendrickson (ezeki...@umich.edu) University of Michigan | Information and Technology Services Infrastructure | Application Operations | Application Delivery Support _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
