Re: [dmarc-ietf] Using CNAME records to DMARC templates causes issues

2021-03-03 Thread John Levine
In article you write: >As for those few folks who have seen DNS issues around using CNAMEs, I really >want to >hear from you off list. Tracking down esoteric DNS error operational behavior >is >something I am slightly obsessive about. "I'm from the DNS, and I'm here to >help" Yup. I am

Re: [dmarc-ietf] Using CNAME records to DMARC templates causes issues

2021-03-03 Thread Tim Wicinski
I have to overly agree with Murray here. Where there should be discussions around using CNAMEs for DMARC records would be in a DMARC best practice document. I spent some time yesterday digging through all the DKIM RFCs, and there is no place where there are discussions about using CNAMEs (Except

Re: [dmarc-ietf] Using CNAME records to DMARC templates causes issues

2021-03-03 Thread Murray S. Kucherawy
On Tue, Mar 2, 2021 at 3:51 AM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote: > Because CNAME usage was not mentioned in the previous DMARC document, > existing implementations may not have tested this configuration. For the > policy publishing organization, this increases the

Re: [dmarc-ietf] Using CNAME records to DMARC templates causes issues

2021-03-02 Thread Seth Blank
I’ve seen CNAME for DMARC deployed frequently and without issue. This should be completely transparent to most implementations, as whether the record is TXT or CNAME, the same answer should be retrieved from DNS. Let’s not conflate implementation issues with problems in the spec, although I

Re: [dmarc-ietf] Using CNAME records to DMARC templates causes issues

2021-03-02 Thread Tõnu Tammer
The current RFC does not mention CNAME and while, in theory, it should work, we have seen that it does not always do so. Therefore, I would also support explicitly mentioning CNAME in the RFC. It is true that people can make mistakes but people already make typos and other mistakes but having

Re: [dmarc-ietf] Using CNAME records to DMARC templates causes issues

2021-03-02 Thread jbouwh
L.S. I would suggest updating the DMARC standard to make explicit how CNAME can be used or not. Besides that, the opendmarc software should address this as a bug in some way. Their opendmarc-check tool shows the correct policy that fails from the opendmarc service when used on a CNAME-ed DMARC

Re: [dmarc-ietf] Using CNAME records to DMARC templates causes issues

2021-03-02 Thread Douglas Foster
Because CNAME usage was not mentioned in the previous DMARC document, existing implementations may not have tested this configuration. For the policy publishing organization, this increases the possibility that some recipients may treat the mail as not protected by DMARC. As with any

Re: [dmarc-ietf] Using CNAME records to DMARC templates causes issues

2021-03-02 Thread Tim Wicinski
Using a CNAME at _dmarc.example should not be a problem, as long as the CNAME target is a TXT record. The DNS resolver functions should handle this seamlessly. This does sound like a vendor software problem. I am aware of DKIM records being deployed using CNAMEs pointing to a TXT record

Re: [dmarc-ietf] Using CNAME records to DMARC templates causes issues

2021-03-02 Thread Henning Krause
> -Original Message- > From: dmarc [mailto:dmarc-boun...@ietf.org] On Behalf Of Tõnu Tammer > Sent: Dienstag, 2. März 2021 09:13 > To: dmarc@ietf.org > Subject: Re: [dmarc-ietf] Using CNAME records to DMARC templates causes > issues > > Hi Jan, > > We have noticed similar

Re: [dmarc-ietf] Using CNAME records to DMARC templates causes issues

2021-03-02 Thread Tõnu Tammer
Hi Jan, We have noticed a similar issue with CNAME that is used by some of the vendors. However, we have not fully concluded if this is an issue of the software, as the RFC stipulates that TXT records should be used. https://tools.ietf.org/html/rfc7489#section-6.1 KR, Tonu CERT-EE On 02.03.2021

[dmarc-ietf] Using CNAME records to DMARC templates causes issues

2021-03-01 Thread jbouwh
Hi all, I am new to this list, and will give a short introduction to myself. I work for the Dutch government as an IT architect. One of my goals is improving mail security. As the Dutch government, we commit to comply with SPF, DKIM, DMARC, DANE and IPv6 standards. With this we are challenged to keep