On Tue 10/Oct/2023 00:19:56 +0200 Douglas Foster wrote:
> Both approaches have problems. Stop-at-last enables the walk to exit the
> current organization and stop on a private registry, for both alignment
> evaluation and for aggregate report transmission. This is not a minor
> problem, even if it is arguably infrequent.

The illustrative example in the draft says:

    _dmarc.a.b.c.d.e.mail.example.com
    _dmarc.e.mail.example.com
    _dmarc.mail.example.com
    _dmarc.example.com
    _dmarc.com

That is, no stop at all. In this respect, a psd=n at example.com would save a
lookup. However, it is not something that we can recommend, after we chose the
obscure tag name.

For implementation, it might be faster and politer to look up .com in the strict
PSL (ICANN domains) than querying _dmarc.com. If you have a dedicated caching
DNS, .com SOA min TTL is 86400, so the empty _dmarc.com stays there for the
whole day and the local DNS might be quicker. Yet, I'd keep comparing with the
PSL, at least for an initial period.

Certainly one is not going to re-start the tree walk from scratch for each
authorizing domain.

I'll try coding that in the next but one zdkimfilter release. (Will that still
be before DMARCbis publication?)

Best
Ale
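
The walk discussed in this message, as an added example that is not part of the original post and is not zdkimfilter code: it reproduces the query list quoted from the draft, shows the lookup a psd=n record at example.com saves, and models the PSL suggestion as skipping the query for a name found in a local list. Assumptions: the function names are hypothetical, the jump to four labels is inferred from the quoted list, and the PSL subset and the TXT record are constructed.

```python
# Added illustration; not zdkimfilter code. Zone data and the PSL subset are constructed.
KEEP = 4  # assumption: long names are cut to 4 labels, as the list in the message shows

PSL_ICANN = {"com", "org", "uk", "co.uk"}   # constructed subset of the ICANN section
ZONE_PSD_N = {"_dmarc.example.com": "v=DMARC1; p=reject; psd=n"}  # constructed record

def parse_tags(record):
    """Turn 'v=DMARC1; p=none; psd=n' into {'v': 'DMARC1', 'p': 'none', 'psd': 'n'}."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def walk_names(domain):
    """Yield the domains the walk visits, longest first."""
    labels = domain.lower().rstrip(".").split(".")
    yield ".".join(labels)
    # After the first query, jump to KEEP labels if longer, else drop one label.
    labels = labels[-KEEP:] if len(labels) > KEEP else labels[1:]
    while labels:
        yield ".".join(labels)
        labels = labels[1:]

def tree_walk(domain, lookup, use_psl=False):
    """Return (queries_sent, domain_where_psd_n_stopped_the_walk_or_None).

    lookup(qname) returns the TXT record string or None.
    """
    queries = []
    for name in walk_names(domain):
        if use_psl and name in PSL_ICANN:
            continue  # answered from the local PSL; a record published there is not seen
        qname = "_dmarc." + name
        queries.append(qname)
        tags = parse_tags(lookup(qname) or "")
        if tags.get("v") == "DMARC1" and tags.get("psd", "").lower() == "n":
            return queries, name
    return queries, None

if __name__ == "__main__":
    host = "a.b.c.d.e.mail.example.com"
    for label, zone, psl in (("no stop", {}, False), ("psd=n", ZONE_PSD_N, False),
                             ("PSL check", {}, True)):
        sent, stop = tree_walk(host, zone.get, use_psl=psl)
        print(f"{label}: {len(sent)} queries, stopped at {stop}")
```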