DMARC's New NP Tag Found Incompatible with DNSSEC in Certain Configurations
A technical analysis published on dmarcwise.io highlights a compatibility issue between DMARC's newly introduced NP tag and DNSSEC. The NP tag, designed to handle non-existent subdomains in email authentication policies, can trigger failures when DNSSEC is in use. The conflict arises from how DNSSEC responds to queries for non-existent domains, potentially interfering with how the NP tag is resolved. The issue was shared on Hacker News, drawing attention from the email security community. Organizations using both DMARC with the NP tag and DNSSEC are advised to review the findings to avoid unintended email delivery failures.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in