On Mon, Nov 1, 2021 at 6:08 PM Tobias Herkula <tobias.herk...@1und1.de>
wrote:

> Yes this is used in a significant way, dropping the mechanic of the
> org-domain would make a lot of things in processing inbound mail streams a
> lot more complicated.
>
> The PSL does not exist for DKIM or DMARC, it is a product of the CAB
> forum. And the idea was borrowed for DMARC, but without it, DMARC will have
> a hard time, and depending standards as well. I don't want to discuss how
> good or bad BIMI is, but without an "org-domain" it doesn't work. But if
> DMARC as one of the base requirements for BIMI drops the "org-domain"
> mechanic, you really need to produce a better alternative than, simply
> stating that things that are currently OK to do, are not used by enough
> entities and could be abandoned.
>
> I see a couple billion mails per week and can assure you that 5322.From's
> with a Sub-Domain but signed with the org-domain are a regular picture of
> totally valid mail streams, and this whole concept goes even deeper for
> large mail processors. It makes a huge difference for measuring reputation
> and responsibilities. And I think that this should be the baseline for the
> discussion here. As a mail receiver, I would at least assume, I and most of
> my colleagues use the org-domain concept to pin responsibilities to a clear
> and dedicated entity. If we abandon this, we are opening additional attack
> vectors without any increase in functionality and even increasing the
> complexity for almost all parties, only for the sake of getting the PSL out
> of the equation.
>
> Querying the PSL in a compiled trie data structure is much faster than
> even doing one DNS request, and even with the private part of the PSL this
> is a couple MB of memory. I get Mails that are larger than downloading the
> PSL once per day for a year. So why are we having this discussion? I know
> the PSL is not perfect, and I'm totally in for change if something doesn't
> work, but we have seen that DBound didn't make it and there are no real
> heavy usage PSL alternatives.
>
> And one thing I really don't get, why do we want to solve that so heavily
> that we use scare tactics with phrasing like "if we don't solve it now, we
> would need to write another RFC in a couple of years", isn't that totally
> fine, for a standard to evolve and update it if it needs an update?
>

Thank you for your voice of reason Tobias. It would appear that some are
willing to create a larger problem in order to address a smaller problem.

Michael Hammer
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
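
The org-domain lookup and relaxed alignment check discussed in the quoted message, as an added example that is not part of the original thread. It assumes a small constructed rule set (not the real PSL), and the function names are this example's own.

```python
# Constructed subset of Public Suffix List style rules (NOT the real list).
RULES = ["com", "de", "uk", "co.uk", "*.ck", "!www.ck"]

def build_trie(rules):
    """Store rules label by label from the right; "$" marks the end of a rule."""
    root = {}
    for rule in rules:
        node = root
        for label in reversed(rule.split(".")):
            node = node.setdefault(label, {})
        node["$"] = True
    return root

TRIE = build_trie(RULES)

def org_domain(domain, trie=TRIE):
    """Return public suffix + one label, or None if domain is itself a suffix."""
    labels = domain.lower().rstrip(".").split(".")
    suffix_len = 1  # PSL default rule "*": an unlisted TLD is a suffix
    node = trie
    for depth, label in enumerate(reversed(labels), start=1):
        if "$" in node.get("!" + label, {}):
            suffix_len = depth - 1  # exception rule: suffix is one label shorter
            break
        if "$" in node.get("*", {}):
            suffix_len = depth      # wildcard rule covers this label
        node = node.get(label)
        if node is None:
            break
        if "$" in node:
            suffix_len = depth      # exact rule ends here
    if len(labels) <= suffix_len:
        return None  # this example's choice: a bare public suffix has no org domain
    return ".".join(labels[-(suffix_len + 1):])

def aligned(from_domain, dkim_d, strict=False):
    """DMARC identifier alignment between the 5322.From domain and DKIM d=."""
    if strict:
        return from_domain.lower() == dkim_d.lower()
    a, b = org_domain(from_domain), org_domain(dkim_d)
    return a is not None and a == b

if __name__ == "__main__":
    # Subdomain in 5322.From, signature from the org-domain (constructed names).
    print(aligned("news.example.de", "example.de"))               # relaxed
    print(aligned("news.example.de", "example.de", strict=True))  # strict
    print(aligned("example.co.uk", "other.co.uk"))                # shared suffix only
```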
