On Sun, Apr 24, 2022 at 11:38 AM John R Levine <jo...@taugh.com> wrote:
> Someone I know asked me what sort of bad things could happen if one
> published a broken DMARC record. Obviously, if your record is bad people
> won't follow your policies and you won't get your reports, but anything
> else? Have you ever heard of MTAs burping on a bad DMARC record?
>
> I've looked at the C OpenDMARC and perl Mail::DMARC libraries and they
> both seem pretty sturdy: fetch a TXT record and if they find one, look for
> the tags they want and ignore everything else.
>

The Open* projects always aim for a soft or "least disruption" failure mode, at least by default. I could see being strict with (i.e., bounce on) malformed DMARC records at some point, but nobody asked for it so I never added it.

For DKIM, a malformed record effectively results in an invalid signature, which is supposed to be harmless, so that's as far as I ever went there.

-MSK
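The two failure modes discussed in this thread, as an added sketch that is not code from OpenDMARC, Mail::DMARC or either poster: a simplified tag parser that by default keeps the tags it recognises and ignores the rest, with an optional strict mode that rejects a malformed record. The names `parse_dmarc` and `MalformedRecord` are hypothetical, the sample records are constructed, and the validation covers only a handful of tags.

```python
import re

POLICIES = {"none", "quarantine", "reject"}
ALIGNMENT = {"r", "s"}
# Tags this sketch looks for; None means "any non-empty value".
KNOWN = {"p": POLICIES, "sp": POLICIES, "adkim": ALIGNMENT,
         "aspf": ALIGNMENT, "pct": None, "rua": None, "ruf": None}

class MalformedRecord(ValueError):
    """Raised only in strict mode (hypothetical name)."""

def parse_dmarc(txt, strict=False):
    """Return the recognised tags, or None if txt is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";")]
    if parts[-1] == "":
        parts.pop()                      # a trailing ';' is fine
    if not parts or not re.fullmatch(r"v\s*=\s*DMARC1", parts[0]):
        return None                      # some other TXT record: skip it
    tags, problems = {}, []
    for part in parts[1:]:
        name, sep, value = (s.strip() for s in part.partition("="))
        if not (name and sep and value):
            problems.append(f"malformed fragment {part!r}")
        elif name not in KNOWN:
            continue                     # unknown tag: ignored in both modes
        elif KNOWN[name] and value.lower() not in KNOWN[name]:
            problems.append(f"bad value for {name}: {value!r}")
        elif name == "pct" and not (re.fullmatch(r"[0-9]{1,3}", value)
                                    and int(value) <= 100):
            problems.append(f"bad value for pct: {value!r}")
        else:
            tags.setdefault(name, value)  # first occurrence wins
    if "p" not in tags:
        problems.append("no usable p= tag")
    if strict and problems:
        raise MalformedRecord("; ".join(problems))
    return tags                          # soft mode: whatever was usable

if __name__ == "__main__":
    # Constructed sample records, not taken from any real domain.
    good = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; foo=bar"
    broken = "v=DMARC1; p=rejct; pct=150; rua=mailto:dmarc@example.com; junk"
    print(parse_dmarc(good))             # policy and report address kept
    print(parse_dmarc(broken))           # no policy left to apply
    try:
        parse_dmarc(broken, strict=True)
    except MalformedRecord as exc:
        print("strict mode rejects:", exc)
```

In the default mode the broken record yields no `p` tag, so a receiver has no policy to apply, while the mail itself is unaffected; only the strict mode turns the publisher's typo into a hard failure.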