#87 closed defect (out-of-scope)

DMARC scaling issue

Reported by: mike@… Owned by:
Priority: major Milestone:
Component: dmarc-bis Version:
Severity: - Keywords:
Cc:

Description

There is a scaling issue for DMARC if it is required to be used beyond the boundary of an administrative domain, and especially if MUA's start running them. There is nothing that says that they can't or shouldn't. It could be very bad if MUA's start doing DMARC checks for each message, each time they view a message. This has been spotted in the wild due to the inadequacies of Authentication-Results.

Change History (3)

comment:1 Changed 13 months ago by mike@…

  • Priority changed from minor to major

comment:2 Changed 13 months ago by mike@…

This text should be added to DMARC-bis

"The verifying DMARC SHOULD encode its results into an Authentication-Results header [RFC 8601] for downstream MTA's, MDA's, and MUA's in the same administrative domain, and those downstream entities SHOULD use the Authentication-Results so as to not put undue burden on the DNS infrastructure".

Last edited 13 months ago by mike@… (previous) (diff)

comment:3 Changed 10 months ago by johnl@…

  • Resolution set to out-of-scope
  • Status changed from new to closed

misunderstands how DMARC is used

Note: See TracTickets for help on using tickets.