Performance is probably a BCP issue. However, since DNS performance concerns are a limiting factor on our specification options, the topic seems relevant to mention now.
In my mail stream, only a small subset requires a DMARC policy lookup to determine disposition. I wonder if others have similar or different results.

- One large portion of mail is sent direct: SPF-compliant and domain aligned, so it passes DMARC criteria without checking signatures. This includes both spam and legitimate mail.

- Another large portion is from major email service providers and mailbox providers: Based on observation and provider reputation, I have concluded that the RFC5322.From address accurately reflects the provider's client domain. This observation includes ESPs that service both spammers and legitimate clients, where I need to filter on the RFC5322.From to determine whether the message is wanted or unwanted. In ESP messages, the presence of a valid signature for the client domain is correlated with a DMARC-enforcing policy, and the absence of a signature is correlated with non-enforcing client domains.

- A third portion is spam which we block based on nominal source identity. When blocking on source identity, we do not worry about verifying whether the unwanted source is valid or spoofed.

A smaller fourth portion includes messages from trusted senders that have configuration errors which cause SPF or DMARC policy failure. I whitelist them based on verified characteristics, without needing to check DMARC policy.

For all four of these message groups, policy lookup is not needed during message processing. Consequently, the DMARC lookup can be deferred until the preparation of the RUA report, and duplicates can be eliminated to minimize DNS traffic when that report is being prepared.

This approach minimizes resource usage during message processing, so it seems in the interest of DMARC developers as well as DNS operations. If developers will optimize in this way, the aggregate DNS workload will be significantly reduced, regardless of the algorithms specified.

Doug Foster
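A sketch of the deferral described in the message above, added here as an illustration and not code from the post or from any DMARC implementation. The group names, the local lists, the message fields and the offline `FAKE_DNS` table are all assumptions made for the example, as is the order in which the groups are tested.

```python
from collections import Counter

# Hypothetical local lists; the post does not say how its groups are identified.
TRUSTED_PROVIDERS = {"esp.example"}
BLOCKED_SOURCES = {"198.51.100.7"}
ALLOWED_SENDERS = {"partner.example"}
# Constructed stand-in for DNS TXT answers, so the example runs offline.
FAKE_DNS = {"_dmarc.shop.example": "v=DMARC1; p=reject",
            "_dmarc.partner.example": "v=DMARC1; p=quarantine"}

def triage(msg):
    """Name the group that settles disposition without a policy lookup, else None."""
    if msg["spf_aligned"]:
        return "direct"
    if msg["provider"] in TRUSTED_PROVIDERS:
        return "provider"
    if msg["source_ip"] in BLOCKED_SOURCES:
        return "blocked"
    if msg["from_domain"] in ALLOWED_SENDERS:
        return "allowed"
    return None

class DeferredLookups:
    def __init__(self, resolver):
        self.resolver, self.queries = resolver, 0
        self.cache, self.seen = {}, Counter()

    def policy(self, domain):
        # Query _dmarc.<domain> at most once (organizational-domain fallback omitted).
        if domain not in self.cache:
            self.queries += 1
            self.cache[domain] = self.resolver("_dmarc." + domain)
        return self.cache[domain]

    def process(self, msg):
        self.seen[msg["from_domain"]] += 1
        group = triage(msg)
        if group is None:  # only here is the policy needed immediately
            self.policy(msg["from_domain"])
        return group

    def report_rows(self):
        # Report time: one lookup per distinct From domain not already cached.
        return {d: (n, self.policy(d)) for d, n in self.seen.items()}

def demo():
    m = lambda ok, prov, ip, dom: dict(spf_aligned=ok, provider=prov, source_ip=ip, from_domain=dom)
    msgs = [m(True, None, "192.0.2.1", "shop.example")] * 3 + [
        m(False, "esp.example", "192.0.2.2", "shop.example"),
        m(False, None, "198.51.100.7", "spam.example"),
        m(False, None, "192.0.2.3", "partner.example"),
        m(False, None, "192.0.2.4", "unknown.example")]
    d = DeferredLookups(FAKE_DNS.get)
    groups = [d.process(x) for x in msgs]
    during = d.queries
    return groups, during, d.report_rows(), d.queries
```

On the seven constructed messages, one policy query is issued during processing and three more when the report rows are built, against seven for a lookup on every message.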