On Mon, Jul 11, 2022 at 5:57 PM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote:
> We should talk about "correct results".
>
> The PSL gets the correct results in 99-dot-something percent of messages,
> but we are proposing a new algorithm because it is wrong on some fraction
> of a percent. The size of the fraction is not a reason to ignore a
> problem. I support a change. But is the proposed change an improvement?

You had me up until "because". I don't think the fact that the PSL is wrong in some cases is the single impetus to replace it. I mentioned in another message just now what I think the reasons are for pursuing a DNS solution.

> We also think the proposed tree walk will also return a correct result in
> 99-dot-something percent. But are they better answers? On what basis
> would we answer that question?

I think it's hard to measure that until it's fully deployed, but I'm more drawn to the solution whose engineering and operation is easier to describe and justify, even if it's occasionally wrong (because it's easier to fix).

> What matters is whether the new algorithm produces correct answers when the
> PSL produces wrong ones, and whether it does this without introducing new
> errors that are not present in the PSL solution. On that question, the
> answer is at best uncertain. When the PSL and Tree Walk produce different
> results, we simply have no basis for choosing between the two, because the
> proposed Tree Walk is sourced on no new information.

Suppose they do give different answers. Irrespective of which one is actually right, I think it's easier for me to explain the DNS answer and why it might be wrong than have to explain in full why the PSL got it wrong, or why fixing it is not a matter of editing my own DNS records.

> However, when the Tree Walk result is based on explicit tagging
> provided by the domain owner, then we do have a better answer than the PSL,
> because the domain owner knows more about his organizational structure than
> the PSL volunteers, and we have every reason to trust the domain
> owner's assertions.
>
> [...]

Right. Note this, too, from the PSL's own web site, emphasis theirs:

-- snip --
Some use the PSL to determine what is a valid domain name and what isn't. *This is dangerous*. gTLDs and ccTLDs are constantly updating, coming and going - and certainly not static. If the PSL is incorporated in a static manner, and your software does not regularly receive PSL updates, it will erroneously think that valid TLDs are not valid, or conversely treat decommissioned TLDs that should be invalid as valid. The DNS should be the proper source for this information, despite the performance benefits of some local source to pre-empt network latency. If you must use the PSL for this purpose, please do not bake static copies of the PSL into your software without update mechanisms that are frequently checking for its frequent updates and incorporating them.
-- snip --

If I'm a serious email receiver (and currently I am not employed by one), this would scare me off of using the PSL completely, and I would seek to develop or subscribe to some kind of DNS solution.

-MSK
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc