On Sat 10/Jun/2023 01:26:18 +0200 Emil Gustafsson wrote:
Without a version change for the tree-walk, I think we (Google) would need to support both approaches (the old one plus the tree-walk) and based on what we see - make a best guess which version we should use.
I haven't coded the tree walk yet, but I'm thinking to do the same.
Having two explicit versions still means we have two implementations, but at least we don't have to guess which one to use whenever there would be ambiguity with a single version.
Why two versions? Tree walk can be supported while still checking it against the PSL in the same version of the verifier. One point, for example is the lack of psd=y tags in the critical domains.
In this respect, I propose to report the most striking configuration errors in DMARC aggregate reports. In fact, RFCs 6651 and 6652 have seen very little adoption; ruf= a little bit more, but still much less than DMARC aggregate reports.
Errors like missing psd=, invalid SPF record, invalid or missing DKIM record, and similar could be added in the report header, e.g. after <policy_published>, in case relevant errors are seen. Maybe that could improve settings...
Best Ale -- _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
