On Tue, Mar 2, 2021 at 3:51 AM Douglas Foster <dougfoster.emailstanda...@gmail.com> wrote:

> Because CNAME usage was not mentioned in the previous DMARC document,
> existing implementations may not have tested this configuration. For the
> policy publishing organization, this increases the possibility that some
> recipients may treat the mail as not protected by DMARC. As with any
> deployment issue, the publishing organization has no reliable way to know
> if the deployment of DMARC implementations with full CNAME support is
> "essentially complete". This uncertainty may be acceptable for some
> organizations, but may be an obstacle for others, depending on their
> motivations for implementing DMARC.
>
> On the implementation side, the use of CNAME will introduce the
> possibility of referral errors, which may or may not require mentioning in
> the DMARC specification, since such issues have probably been addressed in
> core DNS documents. The issues that come to mind are:
> CNAME referrals to non-existent names
> Nested CNAME referrals (what depth is allowed?)
> CNAME referrals that produce loops or excessive nesting depth.
>

I don't understand why we need to say anything special about CNAMEs here. They are processed by the resolver as they would be for any other application. If there's a bug in opendmarc, that's a different question that has nothing to do with the output of the working group.

-MSK
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
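The three referral errors listed in the quoted message, shown as an added example that is not part of the thread and not code from any DMARC implementation: a simulated `_dmarc` lookup over a constructed zone that reports how each case would surface to a DMARC evaluator. The zone contents, the status names and the eight-hop limit are assumptions made for illustration; in a real deployment the recursive resolver performs this chasing.

```python
# Constructed zone data for illustration (not real DNS): name -> (type, value).
ZONE = {
    "_dmarc.example.com": ("CNAME", "_dmarc.hosted.example.net"),
    "_dmarc.hosted.example.net": ("TXT", "v=DMARC1; p=reject"),
    "_dmarc.dangling.example": ("CNAME", "_dmarc.gone.example.net"),
    "_dmarc.loop-a.example": ("CNAME", "_dmarc.loop-b.example"),
    "_dmarc.loop-b.example": ("CNAME", "_dmarc.loop-a.example"),
    "_dmarc.deep10.example": ("TXT", "v=DMARC1; p=none"),
}
# A ten-link chain: deep0 -> deep1 -> ... -> deep10.
for i in range(10):
    ZONE[f"_dmarc.deep{i}.example"] = ("CNAME", f"_dmarc.deep{i + 1}.example")

MAX_CNAME_HOPS = 8  # assumed limit; real resolvers pick their own


def lookup_dmarc(domain, zone=ZONE, max_hops=MAX_CNAME_HOPS):
    """Return (status, record, chain) for the DMARC TXT lookup of `domain`."""
    name = "_dmarc." + domain.lower().rstrip(".")
    chain = [name]  # every owner name visited, in order
    while True:
        rr = zone.get(name)
        if rr is None:
            # First name missing: no policy. Later name missing: dangling CNAME.
            status = "no_record" if len(chain) == 1 else "dangling_cname"
            return status, None, chain
        rtype, value = rr
        if rtype == "TXT":
            if value.startswith("v=DMARC1"):
                return "ok", value, chain
            return "no_record", None, chain
        target = value.lower().rstrip(".")
        if target in chain:  # referral points back at a name already visited
            return "cname_loop", None, chain + [target]
        if len(chain) - 1 >= max_hops:  # hops followed so far
            return "too_deep", None, chain
        chain.append(target)
        name = target


if __name__ == "__main__":
    for d in ("example.com", "dangling.example", "loop-a.example",
              "deep0.example", "deep3.example", "unpublished.example"):
        status, record, chain = lookup_dmarc(d)
        print(f"{d:22} {status:15} hops={len(chain) - 1} record={record!r}")
```

Every status other than `ok` leaves the evaluator without a policy record, which is the "not protected by DMARC" outcome the quoted message describes.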