DMARC scaling issue

[ietf-svn-bot]

resolution_out-of-scope type_defect | by mike@mtcc.com

---

There is a scaling issue for DMARC if it is required to be used beyond the boundary of an administrative domain, and especially if MUA's start running them. There is nothing that says that they can't or shouldn't. It could be very bad if MUA's start doing DMARC checks for each message, each time they view a message. This has been spotted in the wild due to the inadequacies of Authentication-Results.

---

Issue migrated from trac:87 at 2022-01-24 16:52:23 +0000

[ietf-svn-bot]

@mike@mtcc.com changed priority from minor to major

[ietf-svn-bot]

@mike@mtcc.com commented

---

This text should be added to DMARC-bis

"The verifying DMARC SHOULD encode its results into an Authentication-Results header [RFC 8601] for downstream MTA's, MDA's, and MUA's in the same administrative domain, and those downstream entities SHOULD use the Authentication-Results so as to not put undue burden on the DNS infrastructure".

[ietf-svn-bot]

@mike@mtcc.com changed _comment0 which not transferred by tractive

[ietf-svn-bot]

@johnl@taugh.com changed status from new to closed

[ietf-svn-bot]

@johnl@taugh.com set resolution to out-of-scope

[ietf-svn-bot]

@johnl@taugh.com commented

---

misunderstands how DMARC is used