On 8/18/2020 9:43 AM, Tim Wicinski wrote:
I do think the tree walk deserves another look. Years back when it was brought up, there was lots of talk of overloading resolvers. But as someone who spent the past several years looking at the DNS query data of good sized SaaS domains, DMARC lookups (or even DMARC NXDOMAINs) were on the low end of the spectrum. Nowadays, all web properties point to CDNs, et al with 30 second TTLs.

To be entirely obvious:

badactor.a.b.c.d.e.f.g.h.i.j.k.l.m.n.o.p.yougetheidea.example.com

produces a possible denial of service attack. Hence, no tree-walking.

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
