It appears that Tim Wicinski <[email protected]> said: >> What should the evaluator do if one of these results in a CNAME that >> either: >> >> a) points outside of the tree >> > >I would say "Follow the CNAME" - consider LargeCo which points many DMARC >records >of domains in their portfolio to a record in their main domain. Or >outsourced DMARC to third party. > > b) results in a loop pointing at a previously evaluated record > >CNAME loops are usually detected in resolvers, but loops should return no >record found
Agreed. There is no need to treat CNAMEs here any differently than they are treated anywhere else. Like Tim, I can easily see practical uses for a CNAME pointing at a shared DMARC record. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
