If we have a boundary that is 6 names deep in the DNS hierarchy (so the org domain would be 7 names long), then what is a DMARC validator supposed to do with an email that claims to come from the domain that is only 5 names long? What happens to the second lookup (org-level)?
Example: priv-org.psd-a.b.c.d.e.example: If an email comes from sub1.priv-org.psd-a.b.c.d.e.examplepriv-org.psd-a.b.c.d.e.example, then lookup 1 is for _dmarc.sub1..., lookup 2 is _dmarc.priv-org... and the proposed lookup 3 (for PSD protection) would be _dmarc.psd-a... If the email comes from b.c.d.e.example, then lookup 1 is _dmarc.b... but what would lookups 2 and 3 be? skipped? --Kurt
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
