If I read that right it gives you what you think is a desirable outcome. That is, this might be a strong sign that you’re at least considering supporting DMARCbis!
Yes, we all need to be prepared for headaches no matter which direction this all goes. On Oct 13, 2023, at 3:59 AM, Douglas Foster <dougfoster.emailstanda...@gmail.com> wrote:
The first step in my research has been to do DMARC policy lookups on the PSL domains About 400 of them have DMARC policies. A super-majority specify relaxed authentication without specifying a NP policy. This indicates that the policy was created before the PSD for DMARC spec. I conclude that these domains want to be treated as organizations, not PSOs, and tbe stop-last Tree Walk will enable what they have been wanting.
Doug
> On Oct 10, 2023, at 11:57 AM, Alessandro Vesely <ves...@tana.it> wrote:
>
> On Tue 10/Oct/2023 19:16:10 +0200 Todd Herr wrote:
>>> On Tue, Oct 10, 2023 at 6:14 AM Alessandro Vesely <ves...@tana.it> wrote:
>>> On Tue 10/Oct/2023 00:19:56 +0200 Douglas Foster wrote:
>>>> Both approaches have problems. Stop-at-last enables the walk to exit the current organization and stop on a private registry, for both alignment evaluation and for aggregate report transmission. This is not a minor problem, even if it is arguably infrequent.
>>>
>>> The illustrative example in the draft says:
>>>
>>> _dmarc.a.b.c.d.e.mail.example.com
>>> _dmarc.e.mail.example.com
>>> _dmarc.mail.example.com
>>> _dmarc.example.com
>>> _dmarc.com
>>>
>>> That is, no stop at all. In this respect, a psd=n at example.com would save a lookup. However, it is not something that we can recommend, after we chose the obscure tag name. >
>> I'm not sure I understand what you're saying...
>> The illustrative example cited is intended to illustrate a full tree walk
>> that follows the steps for a full tree walk that are spelled out in the
>> numbered list just prior to the illustrative example.
>
>
> Yup, I'm not criticizing the text (I wouldn't know how to better it).
>
> Just wondering how to implement it. It is understood that programs must behave /as if/ they followed the letter of the spec, but don't have to actually do so.
Would it be possible to test these scenarios with a working prototype or some other way to provide proof. Due to other obligations I haven’t been able to lurk here much but upon coming back I think the tree walk issues touched on today are possibly the only things standing in the way of dmarcbis. Though I saw there’s a nascent save our PSL movement that I read about. I’m not sure how serious or influential this movement is and why they’d feel so strongly that they’d step in with somewhat dubious play reviews on the 10 yard line.
I’m just an observer.
I’d be shocked if DMARCbis to emerge perfect and triumphant. I expect problems will be addressed, there’s going to be stress, but ultimately another hack such as the hosts file for DNS will become largely irrelevant in the big picture, taking the Internet another step out of childhood toward adulthood. That’s a good thing even if some things go wrong along the way that need to be fixed or mitigated. The Internet is a place where the perfect is often more blatantly the enemy of the good.
Neil
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
|
