The current algorithm effectively says that you can have subdomain policies, or you can have relaxed alignment, but you cannot have both. This does not meet my definition of upward-compatible.
However, if we are willing to deprecate major functionality in the pursuit of freedom from the PSL, then lets deprecate relaxed alignment. Domain owners who are serious about DMARC will sign every message. When signing a message, it is no great inconvenience to sign it using the exact match domain. Relaxed alignment is not necessary. With this change, the tree walk is used to determine whether a higher-level policy exists or not. If none exists on the From domain, but one does exist above, then the result is FAIL. - - - - On my earlier proposal, I am surprised that you are willing to assume that everyone of importance will embrace this new and unproven algorithm to kill the PSL, but no one is willing to add a clause to their policy record. Which is the greater effort? Doug Foster On Mon, Feb 27, 2023 at 12:51 PM John Levine <jo...@taugh.com> wrote: > It appears that Murray S. Kucherawy <superu...@gmail.com> said: > >3) Since the goal is to wind down dependence on the PSL, I suggest that an > >implementation might choose to make the algorithm selectable, but I don't > >think the specification should. > > If for some inexplicable reason you really want to keep using the PSL > you can keep using your current DMARC software. Not our problem. > > Like everyone else, I see no reason to encruft our design with hacks > intended > to address hypothetical problems that do not actually exist. > > R's, > John > > PS: On my list of things I may or may not get around to doing is a web > page where you can enter a domain name and it'll tell you whether > you'll get different results with old and new DMARC. > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
