Comments (2)
I'm not entirely sure having a design conversation over github is the most efficient approach....but I'll try.
This is indeed interesting. My knee jerk reaction is this:
I haven't seen that many templates trying to define DMARC records. We introduced the SPFM concept because we were seeing some conflicts between email and email marketing services.
Am I missing something in the templates here? If this is a real issue, I'm all in. But if this is theoretical, I'm hesitant to introduce a new concept as driving adoption across all the DNS Providers and Service Providers is a pretty big task. Having a stable spec allows us all to level set.
from spec.
I don't believe we currently have an issue, but we probably may have an issue in the near future (and it's good to be prepared).
Both technologies (SPF and DMARC) are growing in terms of adoption.
According to builtwith.com, more than 60% of the Top 1M Alexa websites do have SPF records, while less than 2% of the same list of domains do have DMARC records.
For the "Top 10k" of domains, the numbers currently are at 80% (SPF) and 7% (DMARC).
According to Valimail's quarterly Email Fraud Landscape report Q4/2018, adoption of DMARC is at 50% for the US Fortune 500 and large US tech companies but (according the same source) on average only 20% of domains with DMARC do have DMARC actually enforced by having a different policy than "none".
So just according to those figures, SPF is currently much more spread than DMARC, and at the low enforcement rate of DMARC, DMARC-related misconfigurations simply don't show up. Both technologies do offer multiple knobs to tune, and so potential collisions or requirements to merge records are more likely for SPF than for DMARC.
Today, most DNS providers do treat both DMARC and SPF as "just another TXT record, the user needs to know the correct syntax of whatever they're doing". Domain Connect's mergeable SPFM does severely improve this situation, and I'd like to see the same for DMARC.
I've also been doing a little bit of research on user-provided (not configured by a template mechanism) SPF records: about 14% is syntactically wrong, usually due to faulty attempts to merge multiple SPF statements, "too many DNS lookups" or including random hostnames who don't have SPF records at all (which according to RFC7208 shall result in a "permanent failure" error, where the SPF record is usually ignored, which in turn "makes sending email work again" after having a misconfigured, too-tight SPF record). An even higher rate of records is semantically wrong: by leaving out obviously required SPF includes, including multiple default policies (anything beyond the leftmost "all"-statement is ignored). As such, having SPFM in place is a great improvement, as it does prevent such edit errors from happening. I do consider DMARCM to provide a similar good basis.
Having some "mergeable DMARC" record gives ESPs the option to influence specific parts of a DMARC policy at no extra risk and without enforcing an actual DMARC policy: if the user did not delegate a subdomain for ESP bounce handling, do request DMARC not to be enforced at all. If the user did delegate a subdomain to the ESP, don't care about the enforcement policy but request DMARC to be checking the alignment in "relaxed" mode.
At that stage, the decision of the actual enforcement policy then can be left to the user, as it does become a simple three-button-chooser and not a text string with a dozen different options. So a "mergeable DMARC" record might even increase DMARC awareness and DMARC deployment.
Other than this, you're right as well. As long as nobody is encouraging DMARC records to be deployed universally, DMARC will remain a niche feature for the tech-savy and we won't ever need to deal with random users trying to edit complex statements in a DNS editor or service providers need to deal with DMARC-use cases. As such, Domain Connect should focus on a stable, well-known spec.
from spec.
Related Issues (20)
- Multi domain application
- Multi-template application
- Specify better mixed APEX/subdomain template kind
- Multiple instances of the same record
- Template compatibility test
- Lack of overview on the level of spec support by the DNS provider HOT 2
- Template onboarding automation
- IETF submission
- New record types (CAA)
- Validation of _domainconnect TXT record contents HOT 1
- General acceptance of txtConflictMatchingPolicy
- Inconsistencies in the implementations from DNS providers and/or signalling of implemented features set
- Using variables in port for SRV records HOT 5
- Register _domainconnect TXT record with IANA as per RFC8552
- Add success state to redirect_uri to validate changes HOT 4
- Possible extension for full domain and zone transfer
- Issue with Domain Connect CNAME Flattening HOT 5
- 966559068865 HOT 1
- > https:// [[email protected]](mailto:[email protected])
- > https:// [[email protected]](mailto:[email protected])
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spec.