On 11/20/20 6:02 PM, John R Levine wrote:
> Here's a draft about how DMARC might do a tree walk rather than look up an
> organizational domain in the PSL.
>
> https://datatracker.ietf.org/doc/draft-levine-dmarcwalk/

Would it help if there was a new DMARC policy tag to trigger the tree walk? It's still the same number of DNS lookups, but changes the order and doesn't happen unless the organization wants it, so (aside from potential abuse) it should minimize the overall DNS lookup overhead.

    Look up _dmarc.sales.east.widgets.bigcorp.com - find no policy
    Look up _dmarc.bigcorp.com - finds a policy with a tw=1 tag
    Look up _dmarc.east.widgets.bigcorp.com - find no policy
    Look up _dmarc.widgets.bigcorp.com - finds a valid sp tag

Is it also worth considering changing the direction of the lookups under the assumption that the consistency of/control over the sub-organization's sending practices increases with each branch? This would potentially reduce the number of DNS lookups.

    Look up _dmarc.sales.east.widgets.bigcorp.com - find no policy
    Look up _dmarc.bigcorp.com - finds a policy with a valid tw=true tag
    Look up _dmarc.widgets.bigcorp.com - finds a valid sp tag and no additional tw=1 tag

Jesse
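
The two lookup orders listed in the message above, simulated against constructed zone data so the query sequences can be compared. This is an added example, not part of the original message or of draft-levine-dmarcwalk. The function names, the record contents, the already-known organizational domain and the skipping of levels with no record are assumptions.

```python
# Added illustration; "tw" is the tag proposed in the message above,
# not a registered DMARC tag. ZONE is constructed sample data.
ZONE = {
    "_dmarc.bigcorp.com": "v=DMARC1; p=reject; tw=1",
    "_dmarc.widgets.bigcorp.com": "v=DMARC1; p=none; sp=quarantine",
}

def parse_tags(record):
    """Split a DMARC TXT record into a tag -> value dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def lookup(domain, zone, trace):
    """Simulated DNS query for _dmarc.<domain>; logs the name in trace."""
    name = "_dmarc." + domain
    trace.append(name)
    return parse_tags(zone[name]) if name in zone else None

def walk_requested(tags):
    # Assumption: tw=1 and tw=true (both spellings appear) enable the walk.
    return tags.get("tw", "").lower() in ("1", "true")

def intermediate_domains(domain, org_domain):
    """Names strictly between domain and org_domain, deepest first."""
    labels = domain.split(".")
    depth = len(labels) - len(org_domain.split("."))
    return [".".join(labels[i:]) for i in range(1, depth)]

def find_policy(domain, org_domain, zone, top_down=False):
    """Return (policy_domain, tags, query_names) for the chosen order.
    Assumes org_domain is known; levels without a record are skipped."""
    trace = []
    tags = lookup(domain, zone, trace)
    if tags is not None or domain == org_domain:
        return domain, tags, trace
    org_tags = lookup(org_domain, zone, trace)
    if org_tags is None or not walk_requested(org_tags):
        return org_domain, org_tags, trace   # walk not requested
    found = (org_domain, org_tags)
    names = intermediate_domains(domain, org_domain)
    for name in reversed(names) if top_down else names:
        tags = lookup(name, zone, trace)
        if tags is None or "sp" not in tags:
            continue
        found = (name, tags)
        # Bottom-up stops at the first sp; top-down goes deeper only on tw.
        if not top_down or not walk_requested(tags):
            break
    return found[0], found[1], trace
```

With the sample zone, the bottom-up order issues four queries and the top-down order three, and both settle on the `sp` published at widgets.bigcorp.com.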