![(please configure the [header_logo] section in trac.ini)](https://www.ietf.org/images/ietflogotrans.gif)
Opened 13 months ago
Closed 10 months ago
#87 closed defect (out-of-scope)
DMARC scaling issue
| Reported by: | mike@… | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | dmarc-bis | Version: | |
| Severity: | - | Keywords: | |
| Cc: |
Description
There is a scaling issue for DMARC if it is required to be used beyond the boundary of an administrative domain, and especially if MUA's start running them. There is nothing that says that they can't or shouldn't. It could be very bad if MUA's start doing DMARC checks for each message, each time they view a message. This has been spotted in the wild due to the inadequacies of Authentication-Results.
Change History (3)
comment:1 Changed 13 months ago by mike@…
- Priority changed from minor to major
comment:2 Changed 13 months ago by mike@…
comment:3 Changed 10 months ago by johnl@…
- Resolution set to out-of-scope
- Status changed from new to closed
misunderstands how DMARC is used
Note: See
TracTickets for help on using
tickets.
This text should be added to DMARC-bis
"The verifying DMARC SHOULD encode its results into an Authentication-Results header [RFC 8601] for downstream MTA's, MDA's, and MUA's in the same administrative domain, and those downstream entities SHOULD use the Authentication-Results so as to not put undue burden on the DNS infrastructure".