On Wed 15/Jun/2022 04:40:31 +0200 Douglas Foster wrote:

> The problem seems rooted in our different attitudes toward the PSL. If one assumes that the Tree Walk must displace the PSL completely and quickly, then it becomes necessary to “make do” with incomplete information about organizational boundaries, even though this introduces unwanted risk to evaluators. I believe that the assumption is unnecessary, because the Tree Walk and the PSL can coexist without harm. We simply specify that the Tree Walk algorithm MUST be used when organizational boundary information is known to be complete and certain, as indicated by specific policy tags, while the PSL MAY be used when boundary information is uncertain or incomplete.


I think we found the few critical domains which need a flag. I agree we should monitor the publishing of those flags before publishing the RFC, and possibly also afterwards. At that point, the tree walk should be safe to use for all DMARC filters.

Yet, not all DMARC filters will be upgraded overnight. Use of the PSL is going to persist for some time. Mail filters which use the PSL also for other reasons may continue to do so even after upgrading to the tree walk for DMARC purposes. They may also compare tree walk and PSL results.

I think that implementing a standard always leaves some leeway to the programmer. As long as the correct result is the outcome of the tree walk, programmers are free to decide how to manage data. They are not forced to throw away PSL lookups.


> The “Must-use-Tree-Walk” indicator provides the domain owner with a remedy to correct PSL errors, as well as a strategy for avoiding them. The MUST indicator also means that DMARCbis-compliant implementations MUST implement the Tree Walk algorithm, ensuring that the new algorithm becomes deployed with critical mass.


I'd be skeptical about user-defined “Must-use-Tree-Walk” indicators. The psd= flag (or whatever we'll call it when we ask the owners of critical domains to set it) is functional and should be monitored. Any additional flag, statically set and forgotten by the domain owner, would always be questionable.


Best
Ale
--







_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
