Um, surely you've been around long enough to know that "transition period"
means "forever".
Yes, if the PSL lasts forever.
No, if old DMARC verifiers last forever, which they will. For example, we
published the RFC 8463 about new DKIM signatures four years ago. How many
ed25519 signatures do you see?
Just treat the first DMARC record you find in an upward walk as an org. It
seems to me that will get the desired result at least as often as the PSL
does, and does not require an incompatible flag or a forever period.
To me, it seems you get the right result more often if you take the last
(topmost) DMARC record found. Didn't we have some numbers on that?
I don't remember, perhaps someone else can remind us. In the situation
Mike's been warning about, the topmost record fails dangerously.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
