The new DMARC is here

The new DMARC is here

Briefly

"The most significant change is probably how an organizational domain is identified. In current DMARC this is done using a big, manually maintained lookup table. The new approach looks for _dmarc TXT records in the DNS tree starting at the domain in the From: address - this is the “DNS Tree Walk”. This won't affect most folk, but may allow more operational flexibility in some cases. To support this a new psd tag has been added to DMARC records, to indicate that a domain is a “Public Suffix Domain” (a TLD or pseudo-TLD effectively)."

"The np tag has been added. It's been around as part of RFC 9091 for a while, and allows domain owners to publish a policy to be applied only to subdomains that don't exist in DNS. The pct tag is gone. It really only worked to flag special handling when pct=0, so it's been replaced with the t tag. t=y does the same as pct=0 and t=n (the default) does the same as pct=100."

"The rf (report format) tag is gone. You're going to get your reports in XML, the same as you do now, but we're not pretending there might ever be an alternative. And finally, the ri (report interval) tag is gone. The discussion around interoperability, and how responsible domain owners and mailbox providers should publish and interpret DMARC policy has been drastically improved. If you don't read anything else about the new DMARC, section 7.4 of RFC 9989 is worth a quick read."

"“bis” comes from Latin, meaning “twice” or “doubly”. Biscuits and biscotti are “twice-baked”. In protocol terms “bis” is used to describe the second version of a protocol. Using it implies that the intent is not adding new features, rather it's to improve the existing features and to add new functionality only as"