Opened 2 years ago

Closed 22 months ago

#87 closed defect (out-of-scope)

DMARC scaling issue

Reported by: mike@… Owned by:
Priority: major Milestone:
Component: dmarc-bis Version:
Severity: - Keywords:


There is a scaling issue for DMARC if it is required to be used beyond the boundary of an administrative domain, and especially if MUA's start running them. There is nothing that says that they can't or shouldn't. It could be very bad if MUA's start doing DMARC checks for each message, each time they view a message. This has been spotted in the wild due to the inadequacies of Authentication-Results.

Change History (3)

comment:1 Changed 2 years ago by mike@…

  • Priority changed from minor to major

comment:2 Changed 2 years ago by mike@…

This text should be added to DMARC-bis

"The verifying DMARC SHOULD encode its results into an Authentication-Results header [RFC 8601] for downstream MTA's, MDA's, and MUA's in the same administrative domain, and those downstream entities SHOULD use the Authentication-Results so as to not put undue burden on the DNS infrastructure".

Last edited 2 years ago by mike@… (previous) (diff)

comment:3 Changed 22 months ago by johnl@…

  • Resolution set to out-of-scope
  • Status changed from new to closed

misunderstands how DMARC is used

Note: See TracTickets for help on using tickets.