[Last-Call] Secdir last call review of draft-ietf-dmarc-dmarcbis-36


 



Reviewer: Stephen Farrell
Review result: Has Issues

I'm not on the dmarc wg list, but have followed this work from a
distance. (IOW, feel free to correct me if I'm just wrong:-)

I think I see two issues with this draft:

(1) Recent papers e.g. [1,2] argue that the centralisation of
mail means that SPF is by now less useful than originally.  Given
it's been 9 years since RFC7489, one would assume it'll be a
while before this document gets an update, and it seems possibly
unwise to still consider SPF as "good enough" for that time
period.  Shouldn't this draft at least indicate that SPF alone
(without DKIM) is unlikely to remain sufficient for a DMARC pass?

   [1] https://wangchuhan.cn/publication/ndss24-a/ndss24summer_paper_wang.pdf
   [2] https://arxiv.org/pdf/2302.07287

(2) The tree-walk calls for querying TLDs for TXT RRs. Was that
discussed with DNS operators for TLDs? It seems like moving from
the PSL to a tree-walk puts work on non-email DNS operators.
Would it be useful to offer some guidance to TLD DNS operators
as to e.g. publishing a long-TTL TXT RR that'd reduce the amount
of work they get, or is that considered (by them) as trivial?

Otherwise the draft seems good, if very very wordy.



-- 
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx
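Added example, not part of the review or of the draft: a Python sketch of the query names a DMARC tree walk generates, and of how the answer's TTL changes the number of TLD-level lookups a caching resolver forwards upstream, which is the load question raised in point (2). The walk follows my reading of the draft's tree-walk steps in the worst case where no record with a psd tag stops it early; the function names, the message schedule and the single-resolver cache model are assumptions made for illustration.

```python
from collections import defaultdict

def tree_walk_targets(domain: str) -> list[str]:
    """Names queried for TXT, in order, if nothing stops the walk early."""
    labels = domain.rstrip(".").lower().split(".")
    targets = ["_dmarc." + ".".join(labels)]      # starting point
    # Names with 8 or more labels are cut to 7 labels for the second query;
    # shorter names lose only their left-most label.
    labels = labels[-7:] if len(labels) >= 8 else labels[1:]
    while labels:                                  # the last target is the TLD
        targets.append("_dmarc." + ".".join(labels))
        labels = labels[1:]
    return targets

def upstream_queries(lookup_times, ttl: int) -> int:
    """Lookups one caching resolver forwards to the authoritative servers.

    Assumes every answer (positive TXT or cached negative) lives for ttl seconds.
    """
    sent, expires = 0, None
    for t in sorted(lookup_times):
        if expires is None or t >= expires:        # cache miss or expired entry
            sent += 1
            expires = t + ttl
    return sent

def tld_level_load(messages, ttl: int) -> dict[str, int]:
    """Upstream query count per TLD-level name for (time, domain) pairs."""
    by_name = defaultdict(list)
    for when, domain in messages:
        by_name[tree_walk_targets(domain)[-1]].append(when)
    return {name: upstream_queries(times, ttl) for name, times in by_name.items()}

# Constructed schedule: one message a minute for 24 hours, alternating between
# two made-up author domains under different TLDs.
MESSAGES = [
    (t, "a.mail.example.com" if (t // 60) % 2 == 0 else "news.example.org")
    for t in range(0, 86400, 60)
]

if __name__ == "__main__":
    print(tree_walk_targets("a.mail.example.com"))
    for ttl in (300, 3600, 86400):
        print(ttl, tld_level_load(MESSAGES, ttl))
```

The model covers one resolver only; total load on a TLD's servers scales with the number of independent resolver caches doing tree walks.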



