> On Mon, Jun 15, 2026 at 12:35PM Randolf Richardson, Postmaster via mailop <
> [email protected]> wrote:
>
> > We began switching to DMARCbis, and set "psd=n" and removed "pct="
> > (etc.), on over 500 domain names on the first day it was released.
> >
> > So far we haven't noticed any problems, aside from various online
> > reporting services caliming that our DMARC policies are invalid, but
> > we know this is because they don't process for DMARCbis yet..
>
> I'd be curious to hear more about these claims that your DMARC policies are
> invalid.
The psd= policy was incorrectly claimed to be invalid by a number of
online "DMARC checking" services, but in performing some checks again
today I see that this is no longer the case with most of them, which
I assume is the result of them updating their systems (since my
previous tests) to support DMARCbis.
> Both RFC 7489 and RFC 9989 clearly state that "unknown tags MUST be
> ignored", so any DMARC policy record that starts with "v=DMARC1" and has
> correctly formatted key-value pairs should not be flagged as invalid.
That's right, and it's a good policy for supporting future expansion
and progress, such as in the case of the recently-added DMARCbis.
> Can you share examples of a DMARC policy record that was claimed invalid
> and the online reporting service that made the claim?
This service still fails on the "psd" and "np" tags, but instead of
reporting an invalid configuration it now incorrectly reports that
the "psd" and "np" tags are "part of the upcoming DMARCbis standard
and is not yet officially supported":
PowerDMARC
https://www.powerdmarc.com/dmarc-record-checker/
This next one now fails because it discriminates against Canada (the
country I'm in) due to assuming our policies are the same as those in
Russia and the USA, but this is nowhere close to reality -- our
system of law and justice is very different from Russia and the USA,
for we have excellent consumer protections and privacy legislation,
human rights protections, and we don't do the bidding of those two
countries (for example, many years ago our Privacy Commission forced
Facebook - after they initially refused to be accomodating - to add
an option for users to delete all the data they contributed to the
social network, and Facebook finally capitulated after learning that
they couldn't push us around by ignoring our federal laws):
DMARC Manager
https://www.dmarcmanager.app/geo-statement/
There were a few other DMARC checking services that also failed on
technical merits, but I don't recall which ones. I'm in the process
of creating a DMARC checking tool that I can refer the 50+ customers
to who enquired about this so that we won't have to repeatedly
explain how those free tools are wrong about the current standards
should this ever occur again in the future.
--
Postmaster - [email protected]
Randolf Richardson, CNA - [email protected]
Inter-Corporate Computer & Network Services, Inc.
Vancouver, Beautiful British Columbia, Canada
https://www.inter-corporate.com/
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop